
CVE-2025-69252: CWE-476: NULL Pointer Dereference in free5gc udm

Severity: Medium
Published: Mon Feb 23 2026 (02/23/2026, 23:56:55 UTC)
Source: CVE Database V5
Vendor/Project: free5gc
Product: udm

Description

CVE-2025-69252 is a NULL Pointer Dereference vulnerability in the Unified Data Management (UDM) component of free5GC, an open-source 5G core network project. Versions up to 1.4.1 are affected. Remote unauthenticated attackers can send a crafted PUT request with an unexpected ueId to trigger a service crash, causing a denial of service. This vulnerability impacts availability by crashing the UDM service, which is critical for 5G network operations. There is no direct application-level workaround; applying the official patch from free5gc/udm pull request 76 is recommended. The CVSS 4.0 score is 6.6 (medium severity), reflecting the ease of exploitation without authentication but limited to denial of service impact.

AI-Powered Analysis

Last updated: 02/24/2026, 00:32:14 UTC

Technical Analysis

The vulnerability identified as CVE-2025-69252 affects the Unified Data Management (UDM) component of free5GC, an open-source implementation of the 5G core network. The issue is a NULL Pointer Dereference (CWE-476) that occurs when the UDM service processes a crafted PUT request containing an unexpected ueId value. This malformed input causes the UDM process to dereference a NULL pointer, leading to a service panic and crash. Since the UDM is a critical network function responsible for managing subscriber data and authentication in 5G networks, its unavailability can disrupt core network operations. The vulnerability requires no authentication or user interaction, making it remotely exploitable by any attacker with network access to the UDM service endpoint. The affected versions include all free5GC UDM releases up to and including version 1.4.1. The free5gc/udm project has addressed this issue in pull request 76, which corrects the input validation and pointer handling to prevent the NULL dereference. No alternative mitigations at the application level exist, so applying the official patch is essential. The CVSS 4.0 vector (AV:N/AC:L/AT:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U) indicates network attack vector, low complexity, no privileges or user interaction required, no impact on confidentiality or integrity, but high impact on availability due to service crash. There are no known exploits in the wild as of the published date.

Potential Impact

This vulnerability primarily impacts the availability of the UDM service within free5GC 5G core network deployments. A successful exploit results in a denial of service by crashing the UDM component, which can disrupt subscriber data management, authentication, and other critical 5G core functions. For telecommunications providers and enterprises relying on free5GC for 5G network infrastructure, this can lead to service outages, degraded network performance, and potential loss of customer trust. The ease of remote exploitation without authentication increases the risk of opportunistic attacks. While confidentiality and integrity are not directly affected, the unavailability of UDM can have cascading effects on network operations and service delivery. Given the growing adoption of open-source 5G core solutions, the impact could be significant in environments where free5GC is deployed in production or testing. The lack of a workaround means that unpatched systems remain vulnerable until the fix is applied, increasing exposure time.

Mitigation Recommendations

Organizations using free5GC UDM should immediately review their deployments to identify affected versions (<=1.4.1). The primary mitigation is to apply the official patch provided in free5gc/udm pull request 76, which addresses the NULL pointer dereference by improving input validation and error handling. Network administrators should restrict access to the UDM service endpoint using network segmentation and firewall rules to limit exposure to untrusted networks. Monitoring and alerting on UDM service crashes or unusual PUT request patterns can help detect exploitation attempts. In environments where immediate patching is not possible, consider deploying upstream protections such as Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) configured to detect and block malformed requests targeting the UDM. Regularly update and audit free5GC components to ensure all security patches are applied promptly. Additionally, maintain incident response plans specific to 5G core network components to quickly address service disruptions.
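
The failure mode described under Technical Analysis, next to the kind of input check the mitigation text refers to, as an added Go example. It is not free5GC code and not the patch from pull request 76; the handler names, the `/ue/` route, the in-memory store and the sample ueId are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical stand-ins (not free5GC types); the ueId is a constructed sample.
type ueContext struct{ Supi string }
var ueStore = map[string]*ueContext{"imsi-001010000000001": {Supi: "imsi-001010000000001"}}

// lookupUE returns nil for a ueId that is not in the store.
func lookupUE(r *http.Request) *ueContext { return ueStore[strings.TrimPrefix(r.URL.Path, "/ue/")] }

// unsafePut dereferences the lookup result unchecked (CWE-476).
func unsafePut(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "updated %s", lookupUE(r).Supi) // panics when the lookup is nil
}

// safePut rejects an unknown ueId with 404 instead of dereferencing nil.
func safePut(w http.ResponseWriter, r *http.Request) {
	ue := lookupUE(r)
	if ue == nil {
		http.Error(w, "unknown ueId", http.StatusNotFound)
		return
	}
	fmt.Fprintf(w, "updated %s", ue.Supi)
}

// recoverMW is defence in depth: a handler panic becomes a 500 response.
func recoverMW(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if recover() != nil {
				http.Error(w, "internal error", http.StatusInternalServerError)
			}
		}()
		next(w, r)
	}
}

// status sends one in-process PUT to h and returns the response code.
func status(h http.HandlerFunc, path string) int {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPut, path, nil))
	return rec.Code
}
func main() { fmt.Println(status(safePut, "/ue/unexpected"), status(recoverMW(unsafePut), "/ue/unexpected")) }
```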


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-12-30T14:07:33.387Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 699cee30be58cf853bef4e71

Added to database: 2/24/2026, 12:17:52 AM

Last enriched: 2/24/2026, 12:32:14 AM

Last updated: 2/24/2026, 4:15:14 AM
