CVE-2025-65567: n/a
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a CreatePDR that contains a malformed Flow-Description is not robustly validated. The Flow-Description parser (parseFlowDesc) can read beyond the bounds of the provided buffer, causing a panic and terminating the UPF process. An attacker who can send PFCP Session Establishment Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF.
AI Analysis
Technical Summary
CVE-2025-65567 identifies a denial-of-service vulnerability in the omec-project User Plane Function (UPF), specifically within the pfcpiface component version 2.1.3-dev. The vulnerability stems from insufficient validation of the Flow-Description field in a PFCP Session Establishment Request message. The Flow-Description parser (parseFlowDesc) fails to properly check the bounds of the input buffer, resulting in a buffer over-read (CWE-125). When a specially crafted PFCP message containing a malformed Flow-Description is processed, the parser reads beyond the allocated memory, causing a panic that terminates the UPF process. The UPF is a fundamental element in 5G core networks, handling user data forwarding and traffic management. The attack vector requires no privileges or user interaction and can be executed remotely by sending malicious PFCP messages to the UPF's N4/PFCP interface. The CVSS v3.1 score is 7.5 (high severity), reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability (no confidentiality or integrity impact). Although no known exploits are reported in the wild, the vulnerability poses a significant risk to network stability and service continuity. The lack of available patches necessitates immediate defensive measures to mitigate potential exploitation.
Potential Impact
For European organizations, particularly telecom operators and 5G service providers using the omec-project UPF, this vulnerability can cause repeated denial-of-service conditions, leading to service outages and degraded network performance. The UPF is critical for user plane traffic management; its disruption can interrupt subscriber data flows, impacting end-user experience and potentially violating service level agreements. The availability impact could cascade, affecting dependent network functions and services. Given the increasing reliance on 5G infrastructure across Europe for critical communications, industrial automation, and IoT, such outages could have broader economic and operational consequences. Additionally, repeated crashes may increase operational costs due to emergency response and recovery efforts. While confidentiality and integrity are not directly impacted, the availability degradation alone is significant for network operators and their customers.
Mitigation Recommendations
1. Implement strict input validation and boundary checks in the Flow-Description parser within the pfcpiface component to prevent buffer over-read conditions.
2. Deploy network-level filtering and access controls to restrict PFCP traffic to trusted sources only, minimizing exposure of the UPF's N4/PFCP endpoint to untrusted networks.
3. Monitor PFCP traffic for anomalous or malformed Session Establishment Requests indicative of exploitation attempts.
4. Employ redundancy and failover mechanisms for UPF instances to maintain service continuity during potential crashes.
5. Engage with the omec-project community or vendors for patches or updated versions addressing this vulnerability as they become available.
6. Conduct regular security assessments and penetration testing focused on PFCP interfaces to identify and remediate similar issues proactively.
7. Consider isolating UPF components in segmented network zones with strict ingress filtering to reduce attack surface.
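The boundary checking called for in recommendation 1, as an added example (not pfcpiface code and not the project's fix): a Go parser that checks the token count before every index, so a truncated Flow-Description yields an error rather than a panic. The syntax subset `action dir proto from src [ports] to dst [ports]`, the `FlowRule` type and all function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// FlowRule and the other names here are hypothetical, not pfcpiface identifiers.
type FlowRule struct{ Action, Dir, Proto, Src, SrcPorts, Dst, DstPorts string }

// validAddr accepts "any", "assigned", an IP address or a CIDR prefix.
func validAddr(s string) bool {
	_, errA := netip.ParseAddr(s)
	_, errP := netip.ParsePrefix(s)
	return s == "any" || s == "assigned" || errA == nil || errP == nil
}

// validPorts accepts "" (no ports), "80" or a range such as "1000-2000".
func validPorts(s string) bool {
	lo, hi, ranged := strings.Cut(s, "-")
	_, errLo := strconv.ParseUint(lo, 10, 16)
	_, errHi := strconv.ParseUint(hi, 10, 16)
	return s == "" || (errLo == nil && (!ranged || errHi == nil))
}

// ParseFlowDescription length-checks before indexing: bad input gets an error, not a panic.
func ParseFlowDescription(s string) (FlowRule, error) {
	f := strings.Fields(s)
	if len(f) < 7 || f[3] != "from" { // shortest form has 7 tokens
		return FlowRule{}, fmt.Errorf("flow description: bad shape (%d tokens)", len(f))
	}
	r := FlowRule{Action: f[0], Dir: f[1], Proto: f[2], Src: f[4]}
	rest := f[5:] // at least 2 tokens, guaranteed by the length check above
	if rest[0] != "to" {
		r.SrcPorts, rest = rest[0], rest[1:] // optional source ports
	}
	if len(rest) < 2 || len(rest) > 3 || rest[0] != "to" {
		return FlowRule{}, fmt.Errorf("flow description: want 'to <dst> [ports]'")
	}
	r.Dst, r.DstPorts = rest[1], strings.Join(rest[2:], "")
	if r.Action != "permit" || (r.Dir != "in" && r.Dir != "out") || !validAddr(r.Src) ||
		!validAddr(r.Dst) || !validPorts(r.SrcPorts) || !validPorts(r.DstPorts) {
		return FlowRule{}, fmt.Errorf("flow description: invalid field value")
	}
	return r, nil
}

func main() { fmt.Println(ParseFlowDescription("permit out ip from")) } // constructed, truncated
```

Rejections returned by such a parser can be counted per PFCP peer, which also gives the monitoring in recommendation 3 a concrete signal.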
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 694451e44eb3efac36a23a4b
Added to database: 12/18/2025, 7:11:32 PM
Last enriched: 12/25/2025, 7:57:22 PM
Last updated: 2/4/2026, 4:41:36 PM