CVE-2025-65561 is a vulnerability identified in the open-source 5G core network implementation free5GC version 4.1.0. The flaw resides in the LocalNode.Sess function, which processes PFCP (Packet Forwarding Control Protocol) Session Modification Requests. Specifically, the vulnerability arises from improper input validation of the Local SEID (Session Endpoint Identifier) header. An attacker can craft a malicious Local SEID header in a PFCP Session Modification Request message to trigger a denial of service (DoS) condition or potentially cause other unspecified impacts on the affected system. The vulnerability is exploitable remotely without requiring any authentication or user interaction, making it accessible to any attacker with network access to the PFCP interface. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the ease of exploitation (network vector, low attack complexity) and the impact on availability. The vulnerability is categorized under CWE-20 (Improper Input Validation), indicating that the root cause is insufficient validation of input data leading to unexpected behavior. While no patches or known exploits are currently reported, the risk is significant given the critical role of free5GC in 5G core network infrastructure. Exploitation could disrupt 5G session management, impacting service continuity and network reliability.

For European organizations, particularly telecom operators and 5G infrastructure providers, this vulnerability poses a significant risk to network availability. Exploitation could lead to denial of service conditions on core network components, disrupting 5G session management and potentially causing widespread service outages. This can affect mobile broadband services, IoT connectivity, and critical communications relying on 5G networks. The impact extends to enterprises and public services dependent on 5G connectivity, potentially causing operational disruptions and financial losses. Given the increasing reliance on 5G for digital transformation and critical infrastructure, the vulnerability could undermine trust in network reliability and service quality. Additionally, the lack of authentication requirements means that attackers could launch attacks from within or near the network perimeter, increasing the threat surface. Although confidentiality and integrity are not directly impacted, the availability disruption alone can have cascading effects on dependent systems and services.

Organizations should monitor free5GC project communications for official patches addressing CVE-2025-65561 and apply them promptly once available. In the interim, network operators should implement strict filtering and validation of PFCP messages at network boundaries to block malformed or suspicious Local SEID headers. Deploying anomaly detection systems focused on PFCP traffic can help identify and mitigate exploitation attempts early. Network segmentation and access controls should restrict PFCP interface access to trusted management and control entities only. Regular security assessments and penetration testing of 5G core components can help identify similar input validation issues. Additionally, operators should maintain robust incident response plans to quickly address potential denial of service events. Collaboration with vendors and open-source communities to share threat intelligence and mitigation strategies is also recommended. Finally, logging and monitoring of PFCP session modification requests should be enhanced to detect unusual patterns indicative of exploitation attempts.