CVE-2025-70122 identifies a heap buffer overflow vulnerability in the User Plane Function (UPF) component of free5GC version 4.0.1, an open-source 5G core network implementation. The vulnerability arises in the SDFFilterFields.UnmarshalBinary function within the sdf-filter.go source file. This function processes PFCP (Packet Forwarding Control Protocol) Session Modification Requests, specifically handling filter fields that include a declared length parameter. The flaw occurs when the declared length exceeds the actual buffer capacity, leading to an out-of-bounds write on the heap. This causes a runtime panic in the Go runtime environment, crashing the UPF process. Since the UPF is critical for forwarding user data traffic in 5G networks, its crash results in denial of service (DoS) conditions. The vulnerability can be triggered remotely by sending a crafted PFCP Session Modification Request, which does not require prior authentication or user interaction, increasing the risk of exploitation. Although no public exploits are currently known, the nature of the vulnerability and its impact on core network availability make it a significant threat. The absence of a CVSS score suggests the need for a severity assessment based on impact and exploitability factors. The vulnerability affects deployments of free5GC v4.0.1, commonly used by telecom operators and enterprises implementing 5G core networks. The lack of patch links indicates that a fix may not yet be publicly available, emphasizing the need for immediate mitigation strategies.

For European organizations, particularly telecom operators and mobile network providers deploying free5GC as part of their 5G infrastructure, this vulnerability poses a serious risk to network availability and service continuity. A successful exploit can cause the UPF to crash, disrupting user plane traffic and potentially leading to widespread denial of service for subscribers. This can affect critical communications, emergency services, and enterprise connectivity relying on 5G networks. The disruption could also impact roaming services and inter-operator connectivity within Europe. Given the increasing reliance on 5G for industrial automation, IoT, and smart city applications, the operational impact could extend beyond traditional telecom services. Moreover, the ease of remote exploitation without authentication increases the threat landscape, potentially allowing malicious actors or state-sponsored groups to target European telecom infrastructure. The reputational damage and regulatory consequences under GDPR and NIS Directive for service outages further amplify the impact for affected organizations.

European organizations should immediately audit their 5G core network deployments to identify instances of free5GC v4.0.1 UPF components. Until an official patch is released, network operators should implement strict network-level filtering to block unauthorized or suspicious PFCP Session Modification Requests from untrusted sources. Deploying anomaly detection systems to monitor PFCP traffic for malformed or unusually large length fields can help detect exploitation attempts. Operators should consider isolating UPF instances in segmented network zones with limited exposure to external networks. Applying runtime protections such as heap overflow detection and process monitoring can enable rapid detection and recovery from crashes. Coordination with free5GC maintainers and timely application of patches once available is critical. Additionally, operators should prepare incident response plans to quickly restore UPF functionality and minimize service disruption. Engaging with national cybersecurity agencies for threat intelligence sharing and support is recommended. Finally, reviewing and hardening all 5G core components against similar input validation issues will improve overall resilience.