Improper Handling of Missing Values in Ericsson Packet Core Gateway
CVE-2026-25659
7.1HIGH
What is CVE-2026-25659?
Ericsson's Packet Core Gateway (PCG) versions before 1.30 exhibit a vulnerability related to the improper handling of missing values, as classified by CWE-230. This flaw allows attackers to send specially crafted messages that can lead to significant service degradation. The disruption may persist for as long as the attack continues, although the system is capable of recovering once the attack ceases. Organizations using affected versions are advised to assess their risk and apply necessary mitigations.
Affected Version(s)
Packet Core Gateway (PCG) 0
References
CVSS V4
Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH
BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany)
