Login Sign Up

CVE-2025-69208

5.3 MEDIUM

📋 TL;DR

The free5GC UDR component versions prior to 1.4.1 leak internal parsing error details to remote clients through the Nnef_PfdManagement service. This information exposure vulnerability allows attackers to fingerprint server software and understand internal logic flows. All deployments using the affected service are potentially vulnerable.

💻 Affected Systems

Products:
  • free5GC UDR
Versions: All versions prior to 1.4.1
Operating Systems: All platforms running free5GC
Default Config Vulnerable: ⚠️ Yes
Notes: Only deployments using the Nnef_PfdManagement service are affected. The vulnerability is in the UDR component of free5GC.

📦 What is this software?

Udr by Free5gc

View all CVEs affecting Udr →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could map internal server architecture, identify software versions, and use this reconnaissance to plan targeted attacks against the 5G core network.

🟠

Likely Case

Information leakage that reveals server implementation details, potentially aiding in further vulnerability discovery or targeted exploitation.

🟢

If Mitigated

With proper error handling, only generic error messages are returned, preventing information disclosure about internal server state.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed requests to trigger parsing errors. No authentication is required to receive the leaked error information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.1

Vendor Advisory: https://github.com/free5gc/free5gc/security/advisories/GHSA-f3pc-w7jp-4jh2

Restart Required: Yes

Instructions:

1. Update free5GC UDR to version 1.4.1 or later. 2. Apply the patch from commit 91bb34bd96e1c89b3fddca80db8b90049da61ebb. 3. Restart the UDR service.

🔧 Temporary Workarounds

No application-level workaround

all

The advisory states there is no direct workaround at the application level. The only effective mitigation is patching.

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to the Nnef_PfdManagement service
  • Deploy a WAF or reverse proxy to filter and sanitize error responses before they reach clients

🔍 How to Verify

Check if Vulnerable:

Check if UDR version is below 1.4.1 and if Nnef_PfdManagement service is enabled. Send malformed JSON requests to the service endpoint and check if detailed parsing errors are returned.

Check Version:

Check the free5GC UDR version in deployment configuration or via service logs

Verify Fix Applied:

After patching, send malformed requests to the Nnef_PfdManagement service and verify only generic error messages are returned without internal parsing details.

📡 Detection & Monitoring

Log Indicators:

  • Detailed parsing error messages in UDR logs containing internal error details
  • Multiple malformed requests to Nnef_PfdManagement endpoints

Network Indicators:

  • HTTP responses containing detailed JSON parsing error messages
  • Requests with malformed JSON payloads to UDR service endpoints

SIEM Query:

source="free5gc-udr" AND (message="invalid character" OR message="parsing error")

📊 Metadata

CVE ID: CVE-2025-69208
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-209
Published: February 23, 2026
Last Updated: February 25, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-69208, you might also want to check these:

CVE-2025-62168 10.0

Squid caching proxy versions before 7.2 fail to properly redact HTTP authentication credentials in e...

Same vulnerability type (CWE-209)
CVE-2025-46658 9.8

CVE-2025-46658 is an information disclosure vulnerability in 4C Strategies ExonautWeb where verbose ...

Same vulnerability type (CWE-209)
CVE-2024-6980 9.8

A verbose error handling issue in the GravityZone Update Server proxy service allows attackers to pe...

Same vulnerability type (CWE-209)