Improper Handling of Missing Values in Ericsson Packet Core Gateway
CVE-2026-25658
7.1HIGH
What is CVE-2026-25658?
The vulnerability affects earlier versions of Ericsson's Packet Core Gateway, where improper handling of missing values can allow an attacker to exploit the system by sending specially crafted messages. This exploitation can result in service degradation, impacting the availability of network services. While the system will recover once the malicious activity ceases, the sustained attack can cause significant disruptions, highlighting the need for immediate mitigation.
Affected Version(s)
Packet Core Gateway (PCG) 0
References
CVSS V4
Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH
BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
