CVE-2025-69247

Sažetak

free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially crafted PFCP Session Modification Request with an invalid SDF Filter length field. This causes a heap buffer overflow, resulting in complete service disruption for all connected UEs and potential cascading failures affecting the SMF. All deployments of free5GC using the UPF component may be affected. Version 1.2.8 of go-upf contains a fix.

Reference

https://github.com/free5gc/free5gc/issues/746
https://github.com/free5gc/free5gc/security/advisories/GHSA-gf69-93xr-p23g
https://github.com/free5gc/go-upf/commit/b798fe5ee6a984be492fa53958dd5f1305469f85
https://github.com/free5gc/go-upf/pull/85

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

23-02-2026 - 22:16

Objavljeno

23-02-2026 - 22:16