Reconnecting to live updates…

CVE-2025-15156: NULL Pointer Dereference in omec-project UPF

Medium

VulnerabilityCVE-2025-15156cve cve-2025-15156

Published: Sun Dec 28 2025 (12/28/2025, 22:02:06 UTC)

Source: CVE Database V5

Vendor/Project: omec-project

Product: UPF

Description

A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2025-12-27T16:58:02.810Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 6952758bfd294cd93b88d62e

Added to database: 12/29/2025, 12:35:23 PM

Last updated: 12/29/2025, 1:51:48 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.