Ericsson Packet Core Gateway (PCG) - Improper Handling of Syntactically Invalid Structure Vulnerability
CVE-2026-25657

7.1HIGH

Key Information:

Vendor: Ericsson
Status: Packet Core Gateway (pcg)
Vendor: CVE Published:; 5 June 2026

What is CVE-2026-25657?

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.

Affected Version(s)

Packet Core Gateway (PCG) 0

References

https://www.ericsson.com/en/about-us/security/psirt/cve-2...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2026
Vulnerability Reserved
Feb 4, 2026

Credit

Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH

BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)

CVE-2026-25657 Data

JSON