CVE-2025-65562: n/a
CVE-2025-65562 is a vulnerability in the free5GC User Plane Function (UPF) where improper bounds checking on the SEID field in PFCP Session Deletion Requests allows an unauthenticated remote attacker to cause a denial of service. By sending a specially crafted request with an excessively large SEID value, the system experiences an integer conversion underflow leading to a negative index access and a Go runtime panic, crashing the UPF. This flaw affects free5GC version 4.1.0 and potentially other versions. No authentication or user interaction is required to exploit this vulnerability, making it remotely exploitable. The impact is a denial of service on critical 5G core network components, potentially disrupting mobile network services. European telecom operators using free5GC or derivatives are at risk, especially in countries with advanced 5G deployments. Mitigation requires patching the software to add proper bounds checking and input validation on SEID values. Until patches are available, network-level filtering and anomaly detection on PFCP traffic can reduce risk.
AI Analysis
Technical Summary
CVE-2025-65562 identifies a critical vulnerability in the free5GC User Plane Function (UPF), a core component of the 5G core network responsible for packet forwarding and session management. The vulnerability arises from a lack of bounds checking on the SEID (Session Endpoint Identifier) field when processing PFCP (Packet Forwarding Control Protocol) Session Deletion Requests. Specifically, an attacker can send a PFCP Session Deletion Request with a very large SEID value (e.g., 0xFFFFFFFFFFFFFFFF), which is a uint64 integer. During processing in the Go-based implementation, this large unsigned integer is converted to a signed int type and used as an index in session lookup/deletion operations within LocalNode.DeleteSess() and LocalNode.Sess() functions. This conversion causes an integer underflow, resulting in a negative index used to access the session map (n.sess). Accessing a negative index triggers a Go runtime panic, crashing the UPF process and causing a denial of service. The vulnerability requires no authentication or user interaction, making it remotely exploitable by any attacker able to send PFCP messages to the UPF. The issue has been confirmed on free5GC version 4.1.0, with the potential for other versions to be affected due to similar code paths. The UPF is a critical network function in 5G infrastructure, and its crash disrupts user data plane traffic, impacting service availability. No known exploits in the wild have been reported yet, but the vulnerability's nature and ease of exploitation make it a significant threat. The lack of a CVSS score necessitates a severity assessment based on impact and exploitability factors.
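The conversion flaw described above, next to a bounds-checked lookup, as an added example that is not free5GC's own code. The `Sess` and `LocalNode` types here are simplified stand-ins, and the slice-backed table in which slot i holds SEID i+1 is an assumption made so that the negative index is reproducible.

```go
package main

import (
	"errors"
	"fmt"
)

// Sess and LocalNode are simplified stand-ins, not free5GC's own types.
type Sess struct{ LocalID uint64 }

// Assumption: sessions live in a slice and slot i holds local SEID i+1.
type LocalNode struct{ sess []*Sess }

var ErrUnknownSEID = errors.New("unknown SEID")

// SessUnchecked shows the flawed pattern: convert to int, check only the upper bound.
func (n *LocalNode) SessUnchecked(seid uint64) (s *Sess, err error) {
	defer func() { // recover only so this demo keeps running; without it the process exits
		if r := recover(); r != nil {
			err = fmt.Errorf("runtime panic: %v", r)
		}
	}()
	i := int(seid) - 1 // 0xFFFFFFFFFFFFFFFF wraps to -1, so i is -2
	if i >= len(n.sess) {
		return nil, ErrUnknownSEID
	}
	return n.sess[i], nil // negative i: "index out of range"
}

// SessChecked validates in the unsigned domain before the value is used as an index.
func (n *LocalNode) SessChecked(seid uint64) (*Sess, error) {
	if seid == 0 || seid > uint64(len(n.sess)) {
		return nil, ErrUnknownSEID
	}
	if s := n.sess[seid-1]; s != nil {
		return s, nil
	}
	return nil, ErrUnknownSEID // slot exists but holds no session
}

func main() {
	n := &LocalNode{sess: []*Sess{{LocalID: 1}, {LocalID: 2}}}
	for _, seid := range []uint64{2, 3, 0, 0xFFFFFFFFFFFFFFFF} {
		_, e1 := n.SessUnchecked(seid)
		_, e2 := n.SessChecked(seid)
		fmt.Printf("SEID %#x unchecked: %v | checked: %v\n", seid, e1, e2)
	}
}
```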
Potential Impact
The primary impact of CVE-2025-65562 is a denial of service condition on the free5GC UPF, a vital component in 5G networks responsible for forwarding user data traffic. For European organizations, particularly telecom operators and mobile network providers deploying free5GC or its derivatives, this vulnerability can lead to service outages affecting end-users' mobile connectivity and data services. Disruptions in UPF availability can degrade network performance, cause dropped sessions, and interrupt critical communications, potentially impacting emergency services, enterprise customers, and consumer mobile users. The vulnerability's unauthenticated remote exploitability increases the attack surface, enabling attackers to disrupt services without prior access. Given Europe's rapid 5G adoption and reliance on open-source 5G core implementations to reduce costs and increase flexibility, the risk is heightened. Additionally, the potential cascading effects on dependent network functions and services could amplify operational impacts. Regulatory compliance and service level agreements may also be affected due to service interruptions. The lack of known exploits currently limits immediate widespread impact, but the vulnerability's disclosure timeline suggests a need for urgent attention.
Mitigation Recommendations
To mitigate CVE-2025-65562, organizations should prioritize updating free5GC UPF components to patched versions once available that include proper bounds checking and input validation on the SEID field in PFCP messages. In the absence of immediate patches, network operators should implement strict filtering and validation of PFCP traffic at the network edge or firewall to block malformed or suspicious Session Deletion Requests with anomalous SEID values. Deploying anomaly detection systems that monitor PFCP protocol behavior can help identify and alert on potential exploitation attempts. Segmentation of the 5G core network and limiting exposure of UPF interfaces to untrusted networks reduces attack surface. Additionally, operators should review and harden Go runtime configurations to improve resilience against panics and crashes. Regular security audits and code reviews of open-source 5G core components are recommended to identify similar issues proactively. Coordination with free5GC maintainers and participation in community security discussions can facilitate timely patching and information sharing. Finally, maintaining robust incident response plans for 5G network disruptions will help minimize operational impact.
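One way to implement the PFCP filtering check described above, as an added example that is not part of free5GC or of this advisory. It reads the PFCP header layout from 3GPP TS 29.244 (message type 54 is Session Deletion Request); the `maxExpectedSEID` ceiling, the treatment of SEID 0 as anomalous, and the function name `CheckDeletion` are assumptions to adapt to the deployment.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	msgSessionDeletionRequest = 54      // PFCP message type, 3GPP TS 29.244
	maxExpectedSEID           = 1 << 20 // assumption: ceiling on SEIDs this UPF hands out
)

var ErrMalformed = errors.New("malformed PFCP header")

// CheckDeletion inspects one UDP payload and reports whether it is a Session
// Deletion Request whose SEID lies outside the range the UPF could have allocated.
func CheckDeletion(pkt []byte) (seid uint64, suspicious bool, err error) {
	if len(pkt) < 4 || pkt[0]>>5 != 1 { // need flags, type, length; version must be 1
		return 0, false, ErrMalformed
	}
	if pkt[1] != msgSessionDeletionRequest {
		return 0, false, nil // other message types are out of scope here
	}
	if pkt[0]&0x01 == 0 || len(pkt) < 12 { // S flag clear or SEID truncated
		return 0, true, ErrMalformed
	}
	seid = binary.BigEndian.Uint64(pkt[4:12])
	// Assumption: this UPF never allocates SEID 0, so 0 is flagged as well.
	return seid, seid == 0 || seid > maxExpectedSEID, nil
}

func main() {
	// Constructed 16-byte header: version 1 with S flag, type 54, length 12,
	// 8-byte SEID (filled in below), 3-byte sequence number, spare byte.
	pkt := []byte{0x21, 54, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0}
	binary.BigEndian.PutUint64(pkt[4:12], maxExpectedSEID+1)
	seid, bad, err := CheckDeletion(pkt)
	fmt.Printf("seid=%#x suspicious=%v err=%v\n", seid, bad, err)
}
```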
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 694451e44eb3efac36a23a53
Added to database: 12/18/2025, 7:11:32 PM
Last enriched: 12/18/2025, 7:27:21 PM
Last updated: 12/18/2025, 9:00:57 PM