Improper Handling of Invalid Structures in Ericsson Packet Core Gateway
CVE-2026-25657
7.1 HIGH
What is CVE-2026-25657?
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 improperly handle syntactically invalid structures. An attacker can exploit this by sending a continuous stream of specially crafted messages, which can degrade service. Service is interrupted for as long as the attack continues, and the system recovers once the attack stops. Organizations running affected versions of the Ericsson Packet Core Gateway should consider implementing mitigations and plan upgrades to preserve service integrity.
Affected Version(s)
Packet Core Gateway (PCG) 0
References
CVSS V4
Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH
BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
