CVE-2025-65561

7.5 HIGH

📋 TL;DR

A vulnerability in free5GC's LocalNode.Sess function allows attackers to send crafted PFCP Session Modification Requests with malicious Local SEID headers, causing denial of service or other impacts. This affects free5GC deployments using version 4.1.0, particularly those exposed to untrusted networks.

💻 Affected Systems

Products:
  • free5GC
Versions: 4.1.0
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using the vulnerable PFCP session handling functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption of the free5GC instance, potentially affecting all connected user equipment and network functions.

🟠 Likely Case: Service degradation or crashes of specific PFCP sessions, leading to partial service disruption.

🟢 If Mitigated: Minimal impact if network segmentation and input validation controls are properly implemented.

🌐 Internet-Facing: HIGH - PFCP interfaces are typically network-facing and could be exposed to external attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted PFCP packets but doesn't require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in free5GC versions after 4.1.0

Vendor Advisory: https://github.com/free5gc/free5gc/issues/730

Restart Required: Yes

Instructions:

1. Update free5GC to latest version.
2. Apply patches from referenced GitHub PRs.
3. Restart free5GC services.

🔧 Temporary Workarounds

Network Segmentation

Restrict access to PFCP interfaces to trusted networks only

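# Replace trusted_network with the source address or CIDR of the trusted PFCP peers.
# Rule order matters: the ACCEPT rule must come before the DROP rule.
iptables -A INPUT -p udp --dport 8805 -s trusted_network -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP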

🧯 If You Can't Patch

  • Implement strict network access controls to limit PFCP interface exposure
  • Deploy intrusion detection/prevention systems to monitor for anomalous PFCP traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check if running free5GC version 4.1.0 and review PFCP session handling code for the vulnerable LocalNode.Sess function

Check Version:

free5gc version

Verify Fix Applied:

Verify free5GC version is updated beyond 4.1.0 and test PFCP session modification requests with various SEID values

📡 Detection & Monitoring

Log Indicators:

  • Unexpected PFCP session modification failures
  • free5GC service crashes or restarts
  • Malformed PFCP packet logs

Network Indicators:

  • Unusual PFCP traffic patterns
  • Multiple PFCP session modification requests from single source
  • PFCP packets with malformed SEID headers
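
The network indicators above can be checked per datagram. The Go code below is an added example, not free5GC code: it parses the PFCP header layout from 3GPP TS 29.244 and flags malformed headers and Session Modification Requests (message type 52) whose SEID is absent or not in a set of allocated SEIDs. The `known` set, the function names and the sample packet are assumptions constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const sessModReq = 52 // PFCP Session Modification Request (3GPP TS 29.244)

// ParseSEID validates the PFCP header and returns the message type and SEID.
func ParseSEID(b []byte) (msgType uint8, seid uint64, hasSEID bool, err error) {
	switch {
	case len(b) < 8:
		err = errors.New("shorter than minimal PFCP header")
	case b[0]>>5 != 1:
		err = errors.New("unsupported PFCP version")
	case int(binary.BigEndian.Uint16(b[2:4]))+4 > len(b): // length excludes first 4 octets
		err = errors.New("length field exceeds datagram size")
	case b[0]&0x01 == 0: // S flag clear: no SEID in header
		msgType = b[1]
	case len(b) < 16:
		err = errors.New("S flag set but SEID header truncated")
	default:
		msgType, seid, hasSEID = b[1], binary.BigEndian.Uint64(b[4:12]), true
	}
	return
}

// Classify returns a finding, or "" when the datagram is unremarkable.
// known is an assumed set of SEIDs the monitored node has allocated.
func Classify(b []byte, known map[uint64]bool) string {
	msgType, seid, hasSEID, err := ParseSEID(b)
	switch {
	case err != nil:
		return "malformed: " + err.Error()
	case msgType == sessModReq && !hasSEID:
		return "modification request without SEID"
	case msgType == sessModReq && !known[seid]:
		return fmt.Sprintf("modification request for unknown SEID %#x", seid)
	}
	return ""
}

func main() {
	// Constructed header-only request: version 1, S=1, type 52, length 12, SEID 7, sequence 1.
	pkt := []byte{0x21, sessModReq, 0, 12, 0, 0, 0, 0, 0, 0, 0, 7, 0, 0, 1, 0}
	fmt.Println(Classify(pkt, map[uint64]bool{1: true, 2: true}))
}
```

Findings from `Classify` can be counted per source address to cover the "multiple requests from single source" indicator.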

SIEM Query:

source="free5gc" AND ("PFCP" AND ("modification" OR "SEID")) AND severity>=medium
