Data Management Vulnerability in free5GC's UDM Service
CVE-2025-69250

6.6 MEDIUM

Key Information:

Vendor: Free5gc

Status
Vendor
CVE Published: 23 February 2026

What is CVE-2025-69250?

The Unified Data Management (UDM) service in free5GC, an open-source framework for 5G mobile networks, leaks internal error messages to remote clients under certain conditions. The issue affects UDM versions up to and including 1.4.1, which expose errors raised while handling invalid pduSessionId inputs. Such leaks give attackers implementation details that can potentially enable service fingerprinting. Users of free5GC are advised to apply the official fix, as no direct workarounds are available at the application level.
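The class of bug described above, shown as an added example that is not free5GC's code or its fix: a handler that copies a parser error into the response, beside one that logs it server-side and returns a fixed message. The handler names, the `probe` helper, the query-parameter placement of pduSessionId, the 8-bit range and the use of `strconv` as the source of the internal error are all assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"log"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strconv"
)

// reject writes a 400 problem-details style body (constructed shape) with the given detail.
func reject(w http.ResponseWriter, detail string) {
	w.Header().Set("Content-Type", "application/problem+json")
	w.WriteHeader(http.StatusBadRequest)
	_ = json.NewEncoder(w).Encode(map[string]any{"status": http.StatusBadRequest, "detail": detail})
}

// leakyHandler copies the internal parser error text into the response body.
func leakyHandler(w http.ResponseWriter, r *http.Request) {
	if _, err := strconv.ParseUint(r.URL.Query().Get("pduSessionId"), 10, 8); err != nil {
		reject(w, err.Error()) // exposes the library and function name to the client
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

// hardenedHandler keeps the internal error in the server log and returns a fixed message.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	if _, err := strconv.ParseUint(r.URL.Query().Get("pduSessionId"), 10, 8); err != nil {
		log.Printf("rejected pduSessionId from %s: %v", r.RemoteAddr, err)
		reject(w, "invalid pduSessionId")
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

// probe sends one constructed request to h and returns the status code and body.
func probe(h http.HandlerFunc, rawID string) (int, string) {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, "/?pduSessionId="+url.QueryEscape(rawID), nil))
	return rec.Code, rec.Body.String()
}

func main() {
	log.Println(probe(leakyHandler, "abc"))
	log.Println(probe(hardenedHandler, "abc"))
}
```

A regression test for a fix of this kind can assert that no 4xx body returned for malformed input contains package or function names.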

Affected Version(s)

udm <= 1.4.1

CVSS V4

Score: 6.6
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved