CVE-2025-70123: n/a
CVE-2025-70123 is a vulnerability in free5GC v4.0.1 where improper input validation in the User Plane Function (UPF) allows remote attackers to send malformed PFCP Association Setup Requests. This causes the UPF to enter an inconsistent state, leading to cascading failures when processing subsequent valid PFCP Session Establishment Requests. The failure disrupts the Session Management Function (SMF) connection, resulting in denial of service and service degradation. No known exploits are currently reported in the wild. The vulnerability violates 3GPP TS 29.244 protocol compliance and affects 5G core network infrastructure. European telecom operators using free5GC or similar open-source 5G core implementations are at risk. Mitigation requires strict validation of PFCP messages and patching the UPF to handle malformed requests correctly.
AI Analysis
Technical Summary
CVE-2025-70123 identifies a protocol compliance and input validation vulnerability in free5GC version 4.0.1, specifically within the User Plane Function (UPF) component. The vulnerability arises because the UPF improperly accepts malformed PFCP (Packet Forwarding Control Protocol) Association Setup Requests, which violates the 3GPP TS 29.244 standard that governs PFCP message formats and behaviors. When the UPF processes such a malformed request, it transitions into an inconsistent internal state. This corrupted state causes a cascading failure upon receipt of a subsequent valid PFCP Session Establishment Request, which is critical for establishing user sessions in the 5G core network. The failure disrupts the connection between the UPF and the Session Management Function (SMF), leading to denial of service conditions and degradation of 5G network services. The vulnerability can be exploited remotely by attackers capable of sending crafted PFCP messages to the UPF, without requiring authentication or user interaction. Although no exploits have been reported in the wild yet, the vulnerability poses a significant risk to 5G core network stability, especially in deployments using free5GC or similar open-source 5G core network implementations. The lack of a CVSS score necessitates an independent severity assessment based on the impact on confidentiality, integrity, and availability, ease of exploitation, and scope of affected systems.
Potential Impact
For European organizations, particularly telecom operators and service providers deploying free5GC or similar open-source 5G core network solutions, this vulnerability could lead to significant service disruptions. The denial of service condition affects the availability of 5G network functions, potentially causing widespread degradation or outages of mobile broadband and critical communications services. This can impact consumer and enterprise customers relying on 5G connectivity for business operations, IoT applications, and emergency services. The disruption of the SMF-UPF connection could also affect network slicing and quality of service enforcement, undermining network reliability and trust. Given the increasing reliance on 5G infrastructure across Europe, the vulnerability could have cascading effects on digital services, smart city deployments, and industrial automation. Additionally, the remote exploitability without authentication increases the risk of attacks originating from external threat actors, including cybercriminals or state-sponsored groups targeting European telecom infrastructure.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Immediately audit and monitor PFCP traffic to detect malformed Association Setup Requests and anomalous PFCP message patterns targeting the UPF.
2) Apply patches or updates from free5GC maintainers as soon as they become available that enforce strict PFCP message validation and protocol compliance.
3) Implement network-level filtering and rate limiting on PFCP traffic to restrict unauthorized or suspicious message flows to the UPF.
4) Deploy anomaly detection systems focused on 5G control plane protocols to identify early signs of exploitation attempts.
5) Conduct thorough testing of 5G core network components under malformed PFCP message conditions to validate robustness.
6) Collaborate with vendors and open-source communities to accelerate vulnerability remediation and share threat intelligence.
7) Consider network segmentation and isolation of critical 5G core functions to limit the impact of potential exploitation.
8) Maintain incident response readiness specifically tailored to 5G core network disruptions.
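An added example (not free5GC code) of the strict validation that mitigations 1 and 2 call for: structural checks on a PFCP Association Setup Request per 3GPP TS 29.244, run before any association state is created or changed. The advisory does not say which malformation triggers the flaw, so the set of checks and all Go names are assumptions, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Type codes from 3GPP TS 29.244; all Go names in this example are hypothetical.
const msgAssocSetupReq, ieNodeID, ieRecoveryTS = 5, 60, 96

// SampleValid is a constructed Association Setup Request (Node ID 10.0.0.1).
var SampleValid = []byte{0x20, 0x05, 0x00, 0x15, 0, 0, 1, 0,
	0x00, 0x3c, 0x00, 0x05, 0x00, 10, 0, 0, 1, // Node ID IE, IPv4
	0x00, 0x60, 0x00, 0x04, 0xe0, 0, 0, 0} // Recovery Time Stamp IE

// ValidateAssocSetupReq reports why a datagram must be dropped before any association state changes.
func ValidateAssocSetupReq(b []byte) error {
	if len(b) < 8 || b[0]>>5 != 1 || b[0]&1 != 0 || b[1] != msgAssocSetupReq {
		return fmt.Errorf("bad header: need version 1, S=0, message type %d", msgAssocSetupReq)
	}
	if int(binary.BigEndian.Uint16(b[2:])) != len(b)-4 {
		return fmt.Errorf("length field does not match datagram size")
	}
	seen := map[uint16]int{}
	for p := b[8:]; len(p) > 0; {
		if len(p) < 4 {
			return fmt.Errorf("truncated IE header")
		}
		typ, n := binary.BigEndian.Uint16(p), int(binary.BigEndian.Uint16(p[2:]))
		if n > len(p)-4 {
			return fmt.Errorf("IE %d: length %d overruns message", typ, n)
		}
		v := p[4 : 4+n]
		// Node ID: type nibble 0 = IPv4 (4 octets), 1 = IPv6 (16 octets), 2 = FQDN.
		if typ == ieNodeID && !(n == 5 && v[0]&15 == 0 || n == 17 && v[0]&15 == 1 || n >= 2 && v[0]&15 == 2) {
			return fmt.Errorf("malformed Node ID IE")
		}
		if typ == ieRecoveryTS && n != 4 {
			return fmt.Errorf("malformed Recovery Time Stamp IE")
		}
		seen[typ]++
		p = p[4+n:]
	}
	if seen[ieNodeID] != 1 || seen[ieRecoveryTS] != 1 {
		return fmt.Errorf("mandatory IE missing or duplicated")
	}
	return nil
}

func main() { fmt.Println("constructed valid sample:", ValidateAssocSetupReq(SampleValid)) }
```

The same function can back a passive monitor on the N4 interface: feed it each UDP payload addressed to the UPF's PFCP port and alert on any non-nil result.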
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-01-09T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 698f5286c9e1ff5ad84a5d38
Added to database: 2/13/2026, 4:34:14 PM
Last enriched: 2/13/2026, 4:48:46 PM
Last updated: 2/13/2026, 6:18:52 PM