CVE-2025-65568 is a denial-of-service vulnerability identified in the omec-project User Plane Function (UPF), specifically within the pfcpiface component version 2.1.3-dev. The vulnerability occurs after a PFCP association is established between the UPF and the control plane. When a PFCP Session Establishment Request is sent containing a CreateFAR (Forwarding Action Rule) with an empty or truncated IPv4 address field, the pfcpiface component fails to properly validate this input. During the parsing process, the function parseFAR() invokes ip2int(), which attempts to convert the IPv4 address to an integer representation. Due to the malformed or incomplete IPv4 address, ip2int() performs an out-of-bounds read on the buffer, causing an index-out-of-range panic that crashes the UPF process. This crash results in denial of service by disrupting the user-plane data forwarding capabilities of the UPF, which is a critical element in 5G core networks responsible for handling user data traffic. An attacker capable of sending PFCP Session Establishment Requests to the UPF's N4/PFCP interface can exploit this vulnerability repeatedly, causing persistent service disruption. No authentication or user interaction is required, increasing the risk of exploitation. The vulnerability does not currently have a CVSS score or known public exploits, but its impact on network availability is significant. The affected software version is upf-epc-pfcpiface:2.1.3-dev, and no patch information is currently available. This vulnerability highlights the importance of robust input validation in telecom network functions, especially in emerging 5G infrastructure components.

The primary impact of CVE-2025-65568 is the disruption of user-plane services in 5G networks due to repeated crashes of the UPF component. For European organizations, especially telecom operators and service providers deploying the omec-project UPF, this can lead to significant service outages affecting mobile broadband and critical communications. The UPF is responsible for forwarding user data traffic, so its unavailability can degrade network performance, cause dropped connections, and impact end-user experience. This can also affect enterprise customers relying on 5G for critical applications, potentially causing operational disruptions. Additionally, repeated denial-of-service attacks may strain network resources and complicate incident response. Given the increasing reliance on 5G infrastructure across Europe, this vulnerability poses a risk to network reliability and service continuity. Regulatory compliance related to network availability and security may also be impacted if service disruptions occur. The lack of authentication requirements for exploitation increases the threat surface, making it easier for malicious actors to target vulnerable UPF instances remotely.

To mitigate CVE-2025-65568, European organizations should first verify if they are running the vulnerable version (upf-epc-pfcpiface:2.1.3-dev) of the omec-project UPF. If so, they should seek patches or updates from the omec-project maintainers as soon as they become available. In the absence of an official patch, organizations should implement strict input validation on PFCP messages at the network edge or within the UPF to detect and reject malformed CreateFAR IPv4 address fields. Network-level filtering and rate limiting on the N4/PFCP interface can reduce the risk of exploitation by limiting the volume of PFCP Session Establishment Requests from untrusted sources. Deploying anomaly detection systems to monitor for unusual PFCP message patterns can provide early warning of exploitation attempts. Segmentation of the control and user planes and restricting access to the N4 interface to trusted management networks can further reduce exposure. Regular security audits and penetration testing focused on PFCP protocol handling will help identify similar weaknesses. Finally, operators should maintain incident response plans tailored to UPF service disruptions to minimize downtime if exploitation occurs.