Array Index Out of Bounds in free5GC AMF Component Affects Mobile Network Security
CVE-2025-70121

7.5HIGH

Key Information:

Vendor: free5GC
Status: free5GC
Vendor: CVE Published:; 13 February 2026

What is CVE-2025-70121?

An array index out of bounds vulnerability exists in the Access and Mobility Management Function (AMF) component of free5GC v4.0.1. This flaw enables remote attackers to exploit a crafted 5GS Mobile Identity within a NAS Registration Request, particularly in the GetSUCI method. The issue arises when accessing the 5th index of a 5-element array, causing a runtime panic and resulting in a denial of service as the AMF crashes. This vulnerability underscores the necessity for robust input validation mechanisms to avert unauthorized access and ensure network stability.

References

https://github.com/free5gc/free5gc/issues/747

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70121 Data

JSON