Access Token Scope Bypass in Free5gc Network Functions by Free5gc
CVE-2025-66719
9.1 CRITICAL
What is CVE-2025-66719?
A vulnerability in Free5gc NRF version 1.4.0 could allow an attacker to bypass access token scope validation. The issue occurs in the access-token generation logic, specifically in the AccessTokenScopeCheck() function, which fails to validate the requested scope when an attacker uses a specially crafted targetNF value. This could enable unauthorized users to obtain access tokens for various unrestricted scopes, significantly compromising the integrity and security of the network functions.
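
A fail-closed form of this kind of scope check, as an added example; it is not Free5gc's code and does not reproduce the actual flaw in AccessTokenScopeCheck(). The function name checkScope, the policy table and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// allowedScopes is a constructed policy: target NF type -> service names a
// token may be issued for. A real NRF derives this from registered NF profiles.
var allowedScopes = map[string]map[string]bool{
	"UDM":  {"nudm-sdm": true, "nudm-uecm": true},
	"AUSF": {"nausf-auth": true},
}

var ErrScopeDenied = errors.New("requested scope not permitted for target NF")

// checkScope (hypothetical name) returns nil only when targetNF is a known
// type and every requested scope entry is allowed for it. Unknown, empty or
// oddly formatted targetNF values are rejected instead of skipping the check.
func checkScope(targetNF, scope string) error {
	permitted, ok := allowedScopes[targetNF] // exact match, no normalisation
	if !ok {
		return fmt.Errorf("%w: unknown target %q", ErrScopeDenied, targetNF)
	}
	requested := strings.Fields(scope) // scope is a space-separated list
	if len(requested) == 0 {
		return fmt.Errorf("%w: empty scope", ErrScopeDenied)
	}
	for _, s := range requested {
		if !permitted[s] {
			return fmt.Errorf("%w: %q", ErrScopeDenied, s)
		}
	}
	return nil
}

func main() {
	// Constructed requests: one valid, three that must be refused.
	for _, c := range [][2]string{
		{"UDM", "nudm-sdm"},
		{"UDM", "nudm-sdm nausf-auth"},
		{"udm ", "nudm-sdm"},
		{"", "nausf-auth"},
	} {
		fmt.Printf("target=%q scope=%q -> %v\n", c[0], c[1], checkScope(c[0], c[1]))
	}
}
```

The point of the pattern is that a targetNF value the policy does not recognise produces a denial, so no code path issues a token without the scope having been checked.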
