CVE-2025-69247: CWE-122: Heap-based Buffer Overflow in free5gc go-upf
free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially crafted PFCP Session Modification Request with an invalid SDF Filter length field. This causes a heap buffer overflow, resulting in complete service disruption for all connected UEs and potential cascading failures affecting the SMF. All deployments of free5GC using the UPF component may be affected. Version 1.2.8 of go-upf contains a fix.
AI Analysis
Technical Summary
The vulnerability CVE-2025-69247 affects the go-upf component of free5GC, an open-source 5G core network implementation. The UPF is critical for handling user plane traffic in 5G networks. The flaw is a heap-based buffer overflow (CWE-122) triggered when the UPF processes a PFCP (Packet Forwarding Control Protocol) Session Modification Request containing an invalid SDF (Service Data Flow) Filter length field. This malformed input causes the UPF to write beyond allocated heap memory, leading to a crash of the UPF process. Since the UPF manages data forwarding for all connected UEs, its failure results in a denial of service affecting the entire user plane. Additionally, the disruption may cascade to the SMF, which manages session control, further impacting network stability. The vulnerability requires no authentication or user interaction and can be exploited remotely by sending crafted PFCP messages. The issue is fixed in free5GC go-upf version 1.2.8. The CVSS 4.0 vector indicates network attack vector, low complexity, no privileges or user interaction needed, and limited availability impact. No known exploits have been reported in the wild as of now.
Potential Impact
The primary impact is denial of service on the UPF component of free5GC-based 5G networks. This causes loss of user plane connectivity, effectively disconnecting all user equipment relying on the affected UPF. The resulting service disruption can degrade network availability and user experience significantly. In large-scale deployments, the failure of the UPF may cascade to the SMF and other 5G core functions, amplifying the outage. While confidentiality and integrity are not directly compromised, the availability impact can be severe for operators relying on free5GC for 5G core infrastructure. This can affect telecom operators, enterprises, and service providers deploying free5GC in production or test environments. The low CVSS score reflects the limited scope and impact, but the critical role of UPF in 5G networks means even a denial of service can have operational consequences.
Mitigation Recommendations
Operators and administrators using free5GC should upgrade the go-upf component to version 1.2.8 or later, where the heap overflow vulnerability is patched. Until upgrading, network administrators should implement strict filtering and validation of PFCP messages at network boundaries to block malformed or suspicious PFCP Session Modification Requests. Deploying anomaly detection systems that monitor PFCP traffic for unusual patterns can help identify exploitation attempts. Additionally, isolating the UPF in a hardened network segment and limiting exposure to untrusted networks reduces attack surface. Regularly auditing and updating 5G core components and applying security patches promptly is critical. Testing the UPF under stress and malformed inputs can help identify similar vulnerabilities proactively. Finally, operators should monitor vendor advisories and threat intelligence feeds for any emerging exploits targeting this vulnerability.
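One way to implement the PFCP validation recommended above, shown as an added Go example (it is not go-upf's code and not the 1.2.8 fix): a bounds-checked walk over the payload of a single SDF Filter IE. The field layout is assumed from 3GPP TS 29.244; `ValidateSDFFilter`, `ErrSDFLength`, `fixedFields` and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrSDFLength = errors.New("sdf filter: field length exceeds IE payload")

// Optional fixed-size fields after the flow description, in wire order, as
// {flag bit, size in bytes}: TTC, SPI, FL, BID (layout assumed from TS 29.244).
var fixedFields = []struct{ bit byte; size int }{{0x02, 2}, {0x04, 4}, {0x08, 3}, {0x10, 4}}

// ValidateSDFFilter bounds-checks every field of one SDF Filter IE payload (the
// bytes after the IE type/length header) and returns the flow description.
func ValidateSDFFilter(p []byte) (string, error) {
	if len(p) < 2 { // flags octet + spare octet
		return "", ErrSDFLength
	}
	flags, off, desc := p[0], 2, ""
	if flags&0x01 != 0 { // FD flag: 2-byte length, then that many bytes of text
		if len(p)-off < 2 {
			return "", ErrSDFLength
		}
		n := int(binary.BigEndian.Uint16(p[off:]))
		off += 2
		if n > len(p)-off { // declared length must fit in what was received
			return "", ErrSDFLength
		}
		desc, off = string(p[off:off+n]), off+n
	}
	for _, f := range fixedFields {
		if flags&f.bit != 0 {
			if len(p)-off < f.size {
				return "", ErrSDFLength
			}
			off += f.size
		}
	}
	return desc, nil
}

func main() {
	// Constructed payloads: a consistent length (6), then a declared length of 64.
	for _, p := range [][]byte{[]byte("\x01\x00\x00\x06permit"), []byte("\x01\x00\x00\x40permit")} {
		fmt.Println(ValidateSDFFilter(p))
	}
}
```

A boundary filter or fuzz harness can treat `ErrSDFLength` as the signal to drop and log the enclosing PFCP message rather than pass it to the UPF.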
Affected Countries
United States, China, South Korea, Japan, Germany, France, India, United Kingdom, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-30T14:06:18.104Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699ccae3be58cf853bccd9f2
Added to database: 2/23/2026, 9:47:15 PM
Last enriched: 2/23/2026, 10:02:09 PM
Last updated: 2/24/2026, 4:12:41 AM