CVE-2025-69253 affects the User Data Repository (udr) component of free5GC, an open-source 5G core network implementation. The vulnerability arises from improper error handling (CWE-209) where the NEF component leaks detailed internal parsing error messages to unauthenticated remote clients. For example, error messages such as "invalid character 'n' after top-level value" are returned, revealing internal processing details. This occurs in versions up to and including 1.4.1, specifically impacting the Nnef_PfdManagement service. Such detailed error messages can aid attackers in service fingerprinting, reconnaissance, and potentially facilitate further exploitation by revealing implementation details or parsing logic. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk profile. The issue is addressed by a patch available in free5gc/udr pull request 56, which removes or sanitizes sensitive error information from responses. No direct workaround exists at the application level, so applying the official patch is the recommended remediation. The CVSS 4.0 base score is 6.6 (medium severity), reflecting the vulnerability's impact on confidentiality due to information exposure, ease of exploitation, and lack of authentication requirements. No known active exploits have been reported to date.

The primary impact of this vulnerability is information disclosure that can aid attackers in fingerprinting the free5GC udr service and understanding its internal parsing mechanisms. This reconnaissance can facilitate more targeted attacks against 5G core network infrastructure, potentially leading to further exploitation or disruption. Since free5GC is used in 5G mobile core networks, exploitation could compromise the confidentiality of network operations and user data indirectly by enabling attackers to craft more effective attacks. Although this vulnerability does not directly allow code execution or denial of service, the leaked information reduces the security posture of affected deployments. Organizations deploying free5GC udr in production environments, especially telecommunications providers and infrastructure operators, face increased risk of targeted attacks and should prioritize remediation to maintain network security and trust.

1. Apply the official patch from free5gc/udr pull request 56 immediately to eliminate sensitive error message leakage. 2. Restrict network access to the Nnef_PfdManagement service using network segmentation and firewall rules to limit exposure to trusted entities only. 3. Implement monitoring and alerting for unusual or repeated error message requests that may indicate reconnaissance activity. 4. Conduct regular security assessments and code reviews of free5GC components to identify and remediate similar error handling issues. 5. Consider deploying Web Application Firewalls (WAFs) or API gateways that can sanitize error messages before they reach external clients. 6. Maintain up-to-date software versions and subscribe to free5GC security advisories to promptly address future vulnerabilities. 7. Educate operational teams about the risks of information leakage and the importance of minimizing error detail exposure in production environments.