Buffer Overflow Vulnerability in free5GC's AMF Service by free5GC
CVE-2025-69248

6.6MEDIUM

Key Information:

Vendor

Free5gc

Status
Amf
Vendor
CVE Published:
23 February 2026

What is CVE-2025-69248?

The AMF service of free5GC, an open-source project for 5th generation mobile core networks, contains a buffer overflow vulnerability that can be exploited by remote unauthenticated attackers. By sending a specially crafted NAS Registration Request with a malformed 5GS Mobile Identity, attackers can crash the AMF service, resulting in a complete denial of service for the associated 5G core network. This affects all deployments of free5GC utilizing the AMF component. It is advisable to apply the official patch provided in pull request 43 of the free5gc/nas repository, as there are no existing workarounds at the application level.

Affected Version(s)

amf <= 1.4.1

References

https://github.com/free5gc/free5gc/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/free5gc/free5gc/issues/747
x_refsource_MISC
https://github.com/free5gc/nas/pull/43
x_refsource_MISC

CVSS V4

Score:
6.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.