CVE-2025-65562

7.5 HIGH

📋 TL;DR

CVE-2025-65562 is an unauthenticated denial-of-service vulnerability in free5GC UPF where specially crafted PFCP Session Deletion Requests with large SEID values cause integer underflow and runtime crashes. This affects organizations using free5GC for 5G core network functions, allowing remote attackers to disrupt UPF services without authentication.

💻 Affected Systems

Products:
  • free5GC UPF
Versions: v4.1.0 and potentially earlier versions
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with UPF component exposed to untrusted networks. Authentication is not required by default for PFCP requests.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained attacks could cause repeated UPF crashes, leading to extended service outages for 5G data plane functions and disruption of user connectivity.

🟠 Likely Case

Intermittent UPF crashes causing service disruptions, requiring manual restarts and potentially affecting 5G network reliability.

🟢 If Mitigated

With proper network segmentation and filtering, impact is limited to isolated network segments with minimal service disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit with basic network access to the UPF PFCP interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub issue #731 for latest patched version

Vendor Advisory: https://github.com/free5gc/free5gc/issues/731

Restart Required: Yes

Instructions:

  1. Monitor the free5GC GitHub repository for patches.
  2. Apply the patch to internal/pfcp/node.go.
  3. Rebuild and restart the free5GC UPF component.

🔧 Temporary Workarounds

Network Access Control

Restrict PFCP interface access to trusted N4 interface peers only

iptables -A INPUT -p udp --dport 8805 -s <trusted_peer> -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate UPF from untrusted networks
  • Deploy network intrusion prevention systems to detect and block malicious PFCP packets

🔍 How to Verify

Check if Vulnerable:

Check whether the free5GC UPF crashes when it receives a PFCP Session Deletion Request with SEID 0xFFFFFFFFFFFFFFFF

Check Version:

Check free5GC version in deployment configuration or build information

Verify Fix Applied:

Test with malicious SEID values and verify UPF remains stable without panic

📡 Detection & Monitoring

Log Indicators:

  • Go runtime panic messages in free5GC logs
  • UPF process crashes and restarts
  • PFCP session deletion errors

Network Indicators:

  • Unusual PFCP Session Deletion Requests with maximum SEID values
  • Traffic spikes to UPF PFCP port 8805
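
A defender-side check for the first network indicator above, as an added example (not code from free5GC or from this advisory): it decodes the PFCP header as laid out in 3GPP TS 29.244 and flags Session Deletion Requests (message type 54) whose SEID is at or above a threshold. The `seidFloor` threshold, the function names and the sample header bytes are assumptions constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	sessionDeletionRequest = 54 // PFCP message type (3GPP TS 29.244)
	// Assumption: SEIDs at or above this floor are anomalous; tune to your SMF's range.
	seidFloor = uint64(1) << 63
)

var errMalformed = errors.New("pfcp: malformed header")

// ParseHeader decodes message type, S flag and SEID from a PFCP UDP payload.
func ParseHeader(b []byte) (msgType uint8, seid uint64, hasSEID bool, err error) {
	if len(b) < 8 || b[0]>>5 != 1 { // shortest header is 8 bytes, version must be 1
		return 0, 0, false, errMalformed
	}
	if int(binary.BigEndian.Uint16(b[2:4]))+4 > len(b) { // length excludes first 4 bytes
		return 0, 0, false, errMalformed
	}
	if b[0]&0x01 == 0 { // S flag clear: node message, no SEID
		return b[1], 0, false, nil
	}
	if len(b) < 16 { // S flag set: 8-byte SEID + 3-byte sequence + spare
		return 0, 0, false, errMalformed
	}
	return b[1], binary.BigEndian.Uint64(b[4:12]), true, nil
}

// SuspiciousDeletion flags Session Deletion Requests carrying an anomalous SEID.
func SuspiciousDeletion(b []byte) bool {
	t, seid, ok, err := ParseHeader(b)
	return err == nil && ok && t == sessionDeletionRequest && seid >= seidFloor
}

// SampleHeader builds a constructed 16-byte header-only message for testing.
func SampleHeader(msgType uint8, seid uint64) []byte {
	b := []byte{0x21, msgType, 0, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0}
	binary.BigEndian.PutUint64(b[4:12], seid)
	return b
}

func main() { // constructed samples: maximum SEID, then an ordinary one
	fmt.Println(SuspiciousDeletion(SampleHeader(54, 0xFFFFFFFFFFFFFFFF)), SuspiciousDeletion(SampleHeader(54, 7)))
}
```

Feed `SuspiciousDeletion` the UDP payloads captured on the N4 interface; a hit from a source that is not a configured SMF peer is the stronger signal.
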

SIEM Query:

source="free5gc.logs" AND (("panic" AND "DeleteSess") OR "runtime error")
