Improper Error Handling in free5GC's User Data Repository Affects 5G Networks
CVE-2025-69253

6.6MEDIUM

Key Information:

Vendor

Free5gc

Status
Udr
Vendor
CVE Published:
24 February 2026

What is CVE-2025-69253?

The User Data Repository within the free5GC open-source project is susceptible to a vulnerability that allows for improper error handling, resulting in the leakage of sensitive internal parsing error details to remote clients. This exposure can assist attackers in conducting service fingerprinting on deployments utilizing the Nnef_PfdManagement service. Affected versions include any up to and including 1.4.1. To mitigate the risk, applying the official patch available in pull request 56 is strongly recommended, as there is no viable workaround at the application level.

Affected Version(s)

udr <= 1.4.1

References

https://github.com/free5gc/free5gc/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/free5gc/free5gc/issues/753
x_refsource_MISC
https://github.com/free5gc/udr/pull/56
x_refsource_MISC

CVSS V4

Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.