Vulnerability Details CVE-2025-69252
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service. All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.2%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-69252
-
cpe:2.3:a:free5gc:udm:1.0.0
-
cpe:2.3:a:free5gc:udm:1.0.1
-
cpe:2.3:a:free5gc:udm:1.0.2
-
cpe:2.3:a:free5gc:udm:1.1.0
-
cpe:2.3:a:free5gc:udm:1.1.1
-
cpe:2.3:a:free5gc:udm:1.2.0