Denial of Service Vulnerability in Free5GC by Free5GC
CVE-2025-65561

7.5HIGH

Key Information:

Vendor: Free5GC
Status: Free5GC
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-65561?

A flaw was discovered in the LocalNode.Sess function of Free5GC version 4.1.0. This vulnerability allows attackers to effectuate a denial of service by sending specially crafted headers, specifically the Local SEID, during the PFCP Session Modification Request process. Such an exploit can cause disruptions, impacting service availability and overall performance.

References

https://github.com/free5gc/free5gc/issues/730

https://github.com/free5gc/go-upf/pull/80

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Nov 18, 2025

CVE-2025-65561 Data

JSON