The vulnerability CVE-2025-69248 affects the Access and Mobility Management Function (AMF) component of free5GC, an open-source 5G core network implementation. The root cause is improper validation of array indices (CWE-129) when handling the 5GS Mobile Identity field within NAS Registration Requests. Specifically, the AMF service does not adequately check the bounds of an array before accessing it, leading to a buffer overflow condition. This flaw can be triggered remotely by sending a specially crafted NAS Registration Request with a malformed 5GS Mobile Identity, without requiring any authentication or user interaction. Exploiting this vulnerability causes the AMF service to crash, resulting in a denial of service for the 5G core network relying on free5GC. The impact is significant because the AMF is a critical component responsible for managing mobility and session states in 5G networks. The vulnerability affects all free5GC AMF versions up to and including 1.4.1. The free5GC project has addressed this issue in pull request 43 of the free5gc/nas repository, which includes proper bounds checking to prevent buffer overflow. No direct application-level workarounds are available, so applying the official patch is the recommended mitigation. The CVSS v4.0 score is 6.6 (medium severity), reflecting the network attack vector, no required privileges or user interaction, but a high impact on availability. No known exploits have been reported in the wild yet, but the vulnerability poses a risk to any organization deploying free5GC AMF in production 5G core networks.

The primary impact of this vulnerability is a denial of service condition on the AMF service, which is a critical component of the 5G core network. Disruption of the AMF can lead to loss of mobility management, session establishment, and overall network availability for subscribers relying on the affected 5G core. This can degrade or completely halt 5G network services, affecting end users and dependent applications. Since the vulnerability can be exploited remotely without authentication, attackers can launch DoS attacks from anywhere on the network, potentially causing widespread outages. Organizations deploying free5GC AMF in production environments, including telecom operators, private 5G network providers, and research institutions, face operational risks and potential service-level agreement breaches. The inability to process legitimate NAS Registration Requests may also impact subscriber onboarding and mobility, leading to customer dissatisfaction and revenue loss. Although no data confidentiality or integrity impact is indicated, the availability impact alone is significant for critical 5G infrastructure.

The definitive mitigation is to apply the official patch provided in pull request 43 of the free5gc/nas repository, which corrects the improper array index validation and prevents buffer overflow. Organizations should upgrade their free5GC AMF component to a version later than 1.4.1 that includes this fix. Until patching is possible, network operators should implement network-level protections such as filtering or rate limiting NAS Registration Requests from untrusted sources to reduce exposure. Monitoring and alerting on AMF service crashes or abnormal NAS message patterns can help detect exploitation attempts early. Deploying intrusion detection systems (IDS) with signatures for malformed NAS messages may provide additional defense. It is also advisable to isolate the AMF service within secure network segments and restrict access to trusted management and signaling networks. Regularly auditing and updating open-source 5G core components is critical to maintain security posture. Finally, organizations should prepare incident response plans for potential DoS events impacting 5G core services.