CVE-2025-65566: n/a
CVE-2025-65566 is a denial-of-service vulnerability in the omec-project UPF's pfcpiface component version 2.1.3-dev. The flaw occurs when the UPF receives a malformed PFCP Session Report Response missing the mandatory Cause Information Element, causing a nil pointer dereference and process crash. An attacker capable of sending PFCP Session Report Response messages to the UPF's N4/PFCP interface can exploit this to repeatedly crash the UPF, disrupting user-plane services. This vulnerability affects the availability of critical 5G core network functions. No CVSS score is assigned yet, but the impact is significant due to service disruption potential. There are no known exploits in the wild or patches currently available. European telecom operators deploying omec-project UPF components are at risk, especially those using version 2.1.
AI Analysis
Technical Summary
CVE-2025-65566 identifies a denial-of-service vulnerability in the User Plane Function (UPF) component of the omec-project, specifically in the pfcpiface module version 2.1.3-dev. The vulnerability arises when the UPF receives a PFCP (Packet Forwarding Control Protocol) Session Report Response message that lacks the mandatory Cause Information Element. Instead of rejecting this malformed message, the session report handler attempts to dereference a nil pointer, leading to a runtime panic and termination of the UPF process. Since the UPF is a critical element in 5G core networks responsible for forwarding user data packets, its crash results in disruption of user-plane services. Exploitation requires an attacker to send crafted PFCP Session Report Response messages to the UPF's N4/PFCP interface, which is typically accessible within the operator's network or through compromised network elements. The flaw does not require authentication but does require network access to the PFCP endpoint. Currently, no patches or fixes have been published, and no known exploits are reported in the wild. The vulnerability highlights the importance of robust input validation in protocol handlers within telecom infrastructure components. Given the essential role of UPF in 5G networks, repeated crashes can cause significant service outages and degrade network reliability.
Potential Impact
For European organizations, particularly telecom operators and mobile network providers deploying 5G infrastructure using the omec-project UPF, this vulnerability poses a substantial risk to network availability. The UPF is central to user-plane data forwarding; its disruption can lead to dropped connections, degraded service quality, and potential loss of revenue and customer trust. Critical services relying on 5G connectivity, including IoT applications, emergency communications, and enterprise services, could be adversely affected. The denial-of-service condition could be exploited to cause intermittent or prolonged outages, impacting end-users and potentially violating service-level agreements. Additionally, repeated UPF crashes may increase operational costs due to incident response and recovery efforts. The vulnerability could also be leveraged as part of a broader attack campaign targeting telecom infrastructure, amplifying its impact. European organizations with limited network segmentation or insufficient PFCP traffic filtering are particularly vulnerable.
Mitigation Recommendations
To mitigate this vulnerability, European telecom operators should implement strict network-level filtering and access controls to restrict PFCP traffic to trusted sources only, minimizing exposure of the UPF's N4/PFCP endpoint. Deploy deep packet inspection or protocol-aware firewalls to detect and block malformed PFCP messages lacking mandatory elements. Operators should monitor UPF logs and system metrics for signs of crashes or abnormal behavior indicative of exploitation attempts. Implement redundancy and failover mechanisms for UPF instances to maintain service continuity during potential crashes. Engage with the omec-project community and vendors to obtain patches or updated versions addressing this flaw as soon as they become available, and prioritize timely deployment. Conduct thorough testing of updated UPF components in controlled environments before production rollout. Additionally, consider network segmentation strategies to isolate critical 5G core components from less trusted network segments. Finally, maintain incident response plans tailored to telecom infrastructure to rapidly respond to and mitigate denial-of-service events.
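The check that the Technical Summary says is missing, and that a protocol-aware filter in front of the N4 endpoint would apply, is sketched below as an added example; it is not code from omec-project. The function and error names are hypothetical, the message type (57) and Cause IE type (19) are the values defined in 3GPP TS 29.244, and the sample messages are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Values from 3GPP TS 29.244: message type 57, IE type 19.
const msgSessionReportResponse, ieCause = 57, 19

var (
	ErrMalformed    = errors.New("pfcp: malformed message")
	ErrMissingCause = errors.New("pfcp: Session Report Response lacks mandatory Cause IE")
)

// CheckReportResponse (hypothetical name) validates one PFCP payload. It returns
// nil for other message types and for a Session Report Response with a Cause IE.
func CheckReportResponse(b []byte) error {
	if len(b) < 8 || b[0]>>5 != 1 { // shortest header is 8 octets; version must be 1
		return ErrMalformed
	}
	if b[1] != msgSessionReportResponse {
		return nil
	}
	hdr := 8 + 8*int(b[0]&0x01) // S flag adds an 8-octet SEID
	end := 4 + int(binary.BigEndian.Uint16(b[2:4]))
	if end > len(b) || end < hdr {
		return ErrMalformed
	}
	for off := hdr; off < end; {
		if end-off < 4 || off+4+int(binary.BigEndian.Uint16(b[off+2:])) > end {
			return ErrMalformed // truncated IE header, or IE length past the message
		}
		typ, n := binary.BigEndian.Uint16(b[off:]), int(binary.BigEndian.Uint16(b[off+2:]))
		if typ == ieCause && n >= 1 {
			return nil // Cause present: safe to hand to the session report handler
		}
		off += 4 + n
	}
	return ErrMissingCause
}

func main() {
	// Constructed samples: S=1, zero SEID, sequence number 1.
	withCause := []byte{0x21, 57, 0, 17, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 19, 0, 1, 1}
	noCause := []byte{0x21, 57, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0}
	fmt.Println(CheckReportResponse(withCause), CheckReportResponse(noCause))
}
```

A handler that calls a check like this first can log and drop the message on a non-nil error instead of reaching the dereference.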
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 694455994eb3efac36a31642
Added to database: 12/18/2025, 7:27:21 PM
Last enriched: 12/18/2025, 7:41:23 PM
Last updated: 12/19/2025, 2:43:54 AM