CVE-2025-69247 – A heap-based buffer overflow vulnerability in f... (How to Fix)

Q: What is the severity of CVE-2025-69247?

CVE-2025-69247 has a CVSS score of 7.5 (HIGH). A heap-based buffer overflow vulnerability in free5GC go-upf versions before 1.2.8 allows remote attackers to cause denial of service by sending specially crafted PFCP Session Modification Requests with invalid SDF Filter length fields. This affects all deployments using the vulnerable UPF component, potentially disrupting service for all connected UEs and causing cascading failures to the SMF.

📋 TL;DR

A heap-based buffer overflow vulnerability in free5GC go-upf versions before 1.2.8 allows remote attackers to cause denial of service by sending specially crafted PFCP Session Modification Requests with invalid SDF Filter length fields. This affects all deployments using the vulnerable UPF component, potentially disrupting service for all connected UEs and causing cascading failures to the SMF.

💻 Affected Systems

Products:

free5GC go-upf

Versions: All versions prior to 1.2.8

Operating Systems: Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments using the UPF component are affected regardless of configuration.

📦 What is this software?

Go Upf by Free5gc

View all CVEs affecting Go Upf →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete UPF service disruption affecting all connected UEs, potential cascading failures to SMF, and extended 5G network downtime requiring manual recovery.

🟠

Likely Case

UPF crash causing service disruption for connected UEs until manual restart, with potential brief SMF impact.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring allowing quick detection and recovery.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending specially crafted PFCP packets to the UPF interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.8

Vendor Advisory: https://github.com/free5gc/free5gc/security/advisories/GHSA-gf69-93xr-p23g

Restart Required: Yes

Instructions:

1. Stop the go-upf service. 2. Update to version 1.2.8 using 'go get github.com/free5gc/go-upf@v1.2.8'. 3. Rebuild and redeploy. 4. Restart the service.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict PFCP traffic to trusted sources only using firewall rules.

iptables -A INPUT -p udp --dport 8805 -s <trusted_ip> -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

🧯 If You Can't Patch

Implement strict network segmentation to limit PFCP traffic to trusted SMF nodes only.
Deploy network monitoring to detect anomalous PFCP packets and implement rate limiting.

🔍 How to Verify

Check if Vulnerable:

Check go-upf version: 'go-upf --version' should show version <1.2.8.

Check Version:

go-upf --version

Verify Fix Applied:

Verify version is 1.2.8 or higher and monitor for crashes after applying patch.

📡 Detection & Monitoring

Log Indicators:

UPF process crashes
Segmentation fault errors in logs
Abnormal termination messages

Network Indicators:

PFCP Session Modification Requests with unusual length fields
Sudden drop in UPF traffic

SIEM Query:

source="go-upf.log" AND ("segmentation fault" OR "panic" OR "crash")

📊 Metadata

CVE ID: CVE-2025-69247

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-122

Published: February 23, 2026

Last Updated: February 25, 2026

🔗 References

https://github.com/free5gc/free5gc/issues/746 Exploit,Issue Tracking,Patch,Vendor Advisory
https://github.com/free5gc/free5gc/security/advisories/GHSA-gf69-93xr-p23g Patch,Vendor Advisory
https://github.com/free5gc/go-upf/commit/b798fe5ee6a984be492fa53958dd5f1305469f85 Patch
https://github.com/free5gc/go-upf/pull/85 Issue Tracking,Patch

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-69247, you might also want to check these: