Access Token Scope Bypass in Free5gc Network Functions by Free5gc
CVE-2025-66719

9.1CRITICAL

Key Information:

Vendor: Free5gc
Status: Free5gc NRF
Vendor: CVE Published:; 23 January 2026

What is CVE-2025-66719?

A vulnerability in Free5gc NRF version 1.4.0 could allow an attacker to bypass access token scope validation. The issue occurs in the access-token generation logic, specifically in the AccessTokenScopeCheck() function, which fails to validate the requested scope when an attacker uses a specially crafted targetNF value. This could enable unauthorized users to obtain access tokens for various unrestricted scopes, significantly compromising the integrity and security of the network functions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/free5gc/free5gc/issues/736

https://github.com/free5gc/nrf/pull/73

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 23, 2026
Vulnerability Reserved
Dec 8, 2025

JSON

Free5gc

What is CVE-2025-66719?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.