CVE-2025-66720 is a software vulnerability identified in the free5gc Policy Control Function (PCF) version 1.4.0, a component of the open-source 5G core network implementation. The vulnerability arises from a null pointer dereference in the function HandleDeletePoliciesPolAssoId, located in the internal/sbi/processor/ampolicy.go source file. A null pointer dereference occurs when the software attempts to access or manipulate memory through a pointer that has not been properly initialized or has been set to null, leading to a runtime error and process crash. In this context, the flaw can cause the PCF process to terminate unexpectedly when handling specific delete policy association requests, resulting in denial of service (DoS) conditions. The PCF is critical in 5G networks as it manages policy rules and charging control, influencing how network resources are allocated and how subscriber sessions are handled. Although no CVSS score has been assigned and no known exploits are reported in the wild, the vulnerability's presence in a core network function means that successful exploitation could disrupt 5G service continuity. The vulnerability was reserved in December 2025 and published in January 2026, indicating recent discovery. The lack of patch links suggests that fixes may not yet be publicly available, emphasizing the need for proactive mitigation. Exploitation likely requires interaction with the PCF's SBI (Service-Based Interface), which may be exposed internally or externally depending on network architecture. This vulnerability highlights the importance of rigorous input validation and error handling in telecom software components to prevent service outages.

For European organizations operating 5G networks using free5gc PCF 1.4.0, this vulnerability poses a risk of denial of service through crashes of the PCF component. Disruption of the PCF can lead to improper enforcement of network policies, affecting subscriber session management, quality of service, and charging functions. This can degrade user experience, cause service interruptions, and potentially impact revenue. In critical infrastructure or enterprise networks relying on 5G connectivity, such outages could affect operational continuity and safety systems. The impact is heightened in environments where free5gc is deployed in production or testing phases without sufficient isolation or redundancy. Since the vulnerability does not appear to allow remote code execution or privilege escalation, confidentiality and integrity impacts are limited. However, availability is significantly affected due to potential service crashes. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits once details become widely known. European telecom operators and enterprises adopting open-source 5G core solutions should consider this vulnerability in their risk assessments and incident response planning.

1. Monitor official free5gc repositories and security advisories for patches addressing CVE-2025-66720 and apply them promptly once available. 2. Implement robust input validation and error handling in the PCF SBI interfaces to prevent null pointer dereferences from malformed or unexpected requests. 3. Deploy redundancy and failover mechanisms for the PCF component to maintain service continuity in case of crashes. 4. Restrict access to the PCF's SBI endpoints using network segmentation, firewalls, and authentication controls to limit exposure to potentially malicious requests. 5. Continuously monitor PCF logs and system metrics for signs of crashes, abnormal terminations, or unusual request patterns that may indicate exploitation attempts. 6. Conduct regular security testing, including fuzzing and code review of the PCF codebase, to identify and remediate similar vulnerabilities proactively. 7. Engage with the free5gc community and vendors to share threat intelligence and coordinate response efforts. 8. Prepare incident response plans specifically addressing potential denial of service scenarios affecting 5G core network functions.