CVE-2025-65564: n/a
A denial-of-service vulnerability exists in the omec-upf (upf-epc-pfcpiface) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer via IE.RecoveryTimeStamp() instead of validating the message. This results in a panic and terminates the UPF process. An attacker who can send PFCP Association Setup Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.
AI Analysis
Technical Summary
CVE-2025-65564 is a denial-of-service vulnerability found in the omec-upf component, specifically in the upf-epc-pfcpiface version 2.1.3-dev. The vulnerability arises when the User Plane Function (UPF) receives a PFCP (Packet Forwarding Control Protocol) Association Setup Request message that lacks the mandatory Recovery Time Stamp Information Element (IE). Instead of validating the presence of this IE, the association setup handler attempts to dereference a nil pointer via IE.RecoveryTimeStamp(), leading to a runtime panic that terminates the UPF process. This crash disrupts the UPF's operation, which is critical for forwarding user-plane traffic in 5G networks. Exploitation requires an attacker to send crafted PFCP Association Setup Request messages to the UPF's N4/PFCP interface, which is typically exposed internally within the mobile core network. The vulnerability does not require authentication or user interaction, making it easier to exploit if network access is obtained. The CVSS v3.1 score of 7.5 reflects high severity due to the ease of exploitation and the impact on availability, although confidentiality and integrity remain unaffected. No patches or fixes have been published yet, and no known exploits have been observed in the wild. This vulnerability is classified under CWE-476 (NULL Pointer Dereference), a common programming error leading to crashes. The lack of input validation on critical protocol messages highlights a significant robustness issue in the UPF implementation.
Potential Impact
The primary impact of CVE-2025-65564 is on the availability of the User Plane Function within 5G core networks. The UPF is responsible for routing and forwarding user data traffic, so repeated crashes can cause significant service disruption, leading to dropped calls, interrupted data sessions, and degraded user experience. For European organizations, especially telecom operators and mobile network providers, this vulnerability could result in network outages affecting millions of subscribers. Disruption of user-plane services can also impact enterprise customers relying on 5G connectivity for critical applications, including IoT, industrial automation, and emergency services. Additionally, repeated crashes may increase operational costs due to incident response and recovery efforts. Although the vulnerability does not compromise confidentiality or integrity, the denial-of-service effect can be leveraged as part of a broader attack campaign or to cause reputational damage. The lack of authentication requirement for exploitation increases the risk if attackers gain access to the internal network or if the N4 interface is exposed improperly. The absence of known exploits in the wild currently limits immediate risk, but the vulnerability's simplicity and high impact make it a likely target once publicized.
Mitigation Recommendations
To mitigate CVE-2025-65564, European telecom operators and network administrators should implement the following specific measures:
1) Enforce strict input validation on PFCP messages at the UPF to ensure mandatory Information Elements like the Recovery Time Stamp are present before processing.
2) Apply network segmentation and access controls to restrict access to the N4/PFCP interface only to authorized network elements, minimizing exposure to potential attackers.
3) Deploy PFCP message filtering or deep packet inspection on interfaces leading to the UPF to detect and block malformed or suspicious Association Setup Requests.
4) Monitor UPF process stability and implement automated restart mechanisms with alerting to quickly respond to crashes.
5) Engage with the omec-upf vendor or open-source community to obtain patches or updated versions addressing this vulnerability as soon as they become available.
6) Conduct regular security assessments and penetration testing on 5G core components to identify similar robustness issues.
7) Maintain up-to-date network documentation and incident response plans tailored to 5G core network components.
These measures go beyond generic advice by focusing on protocol-specific validation, network architecture hardening, and operational readiness.
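Measure 1 above, sketched as an added Go example (not code from omec-upf or from this advisory): a presence and length check for the mandatory IEs of an Association Setup Request that runs before any handler reads them, so a missing Recovery Time Stamp becomes a returned error instead of a nil dereference. The function name and the sample byte strings are assumptions constructed for illustration; the values 5, 60 and 96 are the Association Setup Request, Node ID and Recovery Time Stamp codes from 3GPP TS 29.244.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// PFCP message and IE type values from 3GPP TS 29.244.
const msgAssocSetupReq, ieNodeID, ieRecoveryTimeStamp = 5, 60, 96

var errMandatoryIEMissing = errors.New("mandatory IE missing")

// validateAssocSetupReq (hypothetical name) checks a node-level PFCP message
// (8-byte header, no SEID) so a handler never reads an IE that is absent.
func validateAssocSetupReq(pkt []byte) error {
	if len(pkt) < 8 || pkt[0]>>5 != 1 || pkt[0]&1 != 0 || pkt[1] != msgAssocSetupReq {
		return errors.New("not a PFCP Association Setup Request")
	}
	seen := map[uint16]bool{}
	for body := pkt[8:]; len(body) > 0; {
		if len(body) < 4 {
			return errors.New("truncated IE header")
		}
		typ, n := binary.BigEndian.Uint16(body), int(binary.BigEndian.Uint16(body[2:]))
		if n > len(body)-4 || (typ == ieRecoveryTimeStamp && n < 4) {
			return fmt.Errorf("IE type %d has bad length %d", typ, n)
		}
		seen[typ] = true
		body = body[4+n:]
	}
	for _, typ := range []uint16{ieNodeID, ieRecoveryTimeStamp} {
		if !seen[typ] {
			return fmt.Errorf("%w: IE type %d", errMandatoryIEMissing, typ)
		}
	}
	return nil
}

// Constructed samples: Node ID 192.0.2.10, with and without Recovery Time Stamp.
var (
	sampleOK    = []byte{0x20, 5, 0, 21, 0, 0, 1, 0, 0, 60, 0, 5, 0, 192, 0, 2, 10, 0, 96, 0, 4, 0xEC, 0, 0, 0}
	sampleNoRTS = []byte{0x20, 5, 0, 13, 0, 0, 1, 0, 0, 60, 0, 5, 0, 192, 0, 2, 10}
)

func main() {
	fmt.Println("complete request:", validateAssocSetupReq(sampleOK))
	fmt.Println("no Recovery Time Stamp:", validateAssocSetupReq(sampleNoRTS))
}
```

A handler that calls a check like this first can answer with a rejection and keep running; the same walk over the IE list also catches truncated or over-long IEs before they reach later parsing code.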
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 694451e44eb3efac36a23a5a
Added to database: 12/18/2025, 7:11:32 PM
Last enriched: 12/25/2025, 7:56:43 PM
Last updated: 2/4/2026, 3:49:00 AM