CVE-2025-69248: CWE-129: Improper Validation of Array Index in free5gc amf
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NAS Registration Request with a malformed 5GS Mobile Identity, causing complete denial of service for the 5G core network. All deployments of free5GC using the AMF component may be affected. Pull request 43 of the free5gc/nas repo contains a fix. No direct workaround is available at the application level. Applying the official patch is recommended.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-69248 affects the Access and Mobility Management Function (AMF) component of free5GC, an open-source 5G core network implementation. The root cause is improper validation of array indices (CWE-129) when handling NAS Registration Requests, specifically those containing malformed 5GS Mobile Identities. This improper validation leads to a buffer overflow condition, which can be triggered remotely by unauthenticated attackers sending specially crafted NAS messages. Exploitation results in a crash of the AMF service, causing a denial of service (DoS) that disrupts the 5G core network's ability to manage user mobility and access. The vulnerability affects all free5GC AMF versions up to and including 1.4.1. The CVSS 4.0 base score is 6.6, reflecting medium severity due to network attack vector, no required privileges or user interaction, but with a high impact on availability. The vulnerability does not affect confidentiality or integrity directly. The free5GC project has addressed this issue in a patch available in pull request 43 of the free5gc/nas repository. No direct workarounds exist at the application level, making patching the primary mitigation. No known exploits have been reported in the wild, but the potential impact on 5G core network availability is significant.
Potential Impact
The primary impact of this vulnerability is a denial of service condition in the 5G core network's AMF service, which is critical for managing user registration, mobility, and access control. A successful attack can cause the AMF to crash, disrupting network operations and potentially leading to service outages for subscribers relying on the affected 5G network. This can affect telecommunications providers deploying free5GC, especially those using it in production or test environments. The disruption could impact end-users' ability to connect or maintain sessions on the 5G network, affecting business continuity and user experience. Given the AMF's central role in 5G core architecture, prolonged outages could have cascading effects on other network functions and services. Although no known exploits are currently active, the vulnerability's remote and unauthenticated nature makes it a significant risk if weaponized. Organizations relying on free5GC must consider the operational and reputational risks associated with potential service disruptions.
Mitigation Recommendations
The definitive mitigation is to apply the official patch provided by the free5GC project, specifically the fix included in pull request 43 of the free5gc/nas repository. Organizations should update their AMF component to a version later than 1.4.1 where this vulnerability is resolved. In addition, network operators should implement network-level protections such as filtering and anomaly detection to identify and block malformed NAS Registration Requests that could exploit this vulnerability. Deploying intrusion detection/prevention systems (IDS/IPS) with signatures targeting malformed NAS messages can help mitigate exploitation attempts. Monitoring AMF service logs and network traffic for unusual registration request patterns can provide early warning signs of exploitation attempts. Since no application-level workarounds exist, patching remains the critical step. Operators should also ensure robust incident response plans are in place to quickly recover AMF services in case of a DoS event. Regular security audits and vulnerability scanning of 5G core components can help identify and remediate similar issues proactively.
Affected Countries
United States, China, South Korea, Japan, Germany, France, United Kingdom, India, Brazil, Australia, Canada, Italy, Spain
CVE-2025-69248: CWE-129: Improper Validation of Array Index in free5gc amf
Description
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NAS Registration Request with a malformed 5GS Mobile Identity, causing complete denial of service for the 5G core network. All deployments of free5GC using the AMF component may be affected. Pull request 43 of the free5gc/nas repo contains a fix. No direct workaround is available at the application level. Applying the official patch is recommended.
AI-Powered Analysis
Technical Analysis
The vulnerability identified as CVE-2025-69248 affects the Access and Mobility Management Function (AMF) component of free5GC, an open-source 5G core network implementation. The root cause is improper validation of array indices (CWE-129) when handling NAS Registration Requests, specifically those containing malformed 5GS Mobile Identities. This improper validation leads to a buffer overflow condition, which can be triggered remotely by unauthenticated attackers sending specially crafted NAS messages. Exploitation results in a crash of the AMF service, causing a denial of service (DoS) that disrupts the 5G core network's ability to manage user mobility and access. The vulnerability affects all free5GC AMF versions up to and including 1.4.1. The CVSS 4.0 base score is 6.6, reflecting medium severity due to network attack vector, no required privileges or user interaction, but with a high impact on availability. The vulnerability does not affect confidentiality or integrity directly. The free5GC project has addressed this issue in a patch available in pull request 43 of the free5gc/nas repository. No direct workarounds exist at the application level, making patching the primary mitigation. No known exploits have been reported in the wild, but the potential impact on 5G core network availability is significant.
Potential Impact
The primary impact of this vulnerability is a denial of service condition in the 5G core network's AMF service, which is critical for managing user registration, mobility, and access control. A successful attack can cause the AMF to crash, disrupting network operations and potentially leading to service outages for subscribers relying on the affected 5G network. This can affect telecommunications providers deploying free5GC, especially those using it in production or test environments. The disruption could impact end-users' ability to connect or maintain sessions on the 5G network, affecting business continuity and user experience. Given the AMF's central role in 5G core architecture, prolonged outages could have cascading effects on other network functions and services. Although no known exploits are currently active, the vulnerability's remote and unauthenticated nature makes it a significant risk if weaponized. Organizations relying on free5GC must consider the operational and reputational risks associated with potential service disruptions.
Mitigation Recommendations
The definitive mitigation is to apply the official patch provided by the free5GC project, specifically the fix included in pull request 43 of the free5gc/nas repository. Organizations should update their AMF component to a version later than 1.4.1 where this vulnerability is resolved. In addition, network operators should implement network-level protections such as filtering and anomaly detection to identify and block malformed NAS Registration Requests that could exploit this vulnerability. Deploying intrusion detection/prevention systems (IDS/IPS) with signatures targeting malformed NAS messages can help mitigate exploitation attempts. Monitoring AMF service logs and network traffic for unusual registration request patterns can provide early warning signs of exploitation attempts. Since no application-level workarounds exist, patching remains the critical step. Operators should also ensure robust incident response plans are in place to quickly recover AMF services in case of a DoS event. Regular security audits and vulnerability scanning of 5G core components can help identify and remediate similar issues proactively.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-12-30T14:06:53.248Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 699ccae3be58cf853bccd9f8
Added to database: 2/23/2026, 9:47:15 PM
Last enriched: 2/23/2026, 10:01:56 PM
Last updated: 2/24/2026, 2:10:55 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-3053: Missing Authentication in DataLinkDC dinky
MediumCVE-2026-3052: Server-Side Request Forgery in DataLinkDC dinky
MediumCVE-2025-11846: CWE-476 NULL Pointer Dereference in Zyxel VMG3625-T50B firmware
MediumCVE-2025-11845: CWE-476 NULL Pointer Dereference in Zyxel VMG3625-T50B firmware
MediumCVE-2026-3051: Path Traversal in DataLinkDC dinky
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.