CVE-2025-59174

7.1HIGH

Key Information:

Vendor: Ericsson
Status: Packet Core Controller
Vendor: CVE Published:; 5 June 2026

What is CVE-2025-59174?

Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

Affected Version(s)

Packet Core Controller 0 < 1.39

References

https://ericsson.com/en/about-us/security/psirt/CVE-2025-...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2026
Vulnerability Reserved
Sep 10, 2025

Credit

The UK Telecoms Lab (UKTL)

The UK’s National Cyber Security Centre (NCSC)

CVE-2025-59174 Data

JSON