Heap Buffer Overflow Vulnerability in free5GC by free5GC
CVE-2025-70122

7.5HIGH

Key Information:

Vendor: free5GC
Status: free5GC
Vendor: CVE Published:; 13 February 2026

What is CVE-2025-70122?

A heap buffer overflow vulnerability manifests in the UPF component of free5GC v4.0.1, enabling remote attackers to trigger a denial of service. This issue arises in the SDFFilterFields.UnmarshalBinary function, particularly when handling a declared length that surpasses the buffer's capacity, which can result in a runtime panic and subsequent UPF crash. It highlights a critical need for robust input validation and buffer management to safeguard against such exploit attempts.

References

https://github.com/free5gc/free5gc/issues/746

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70122 Data

JSON