Cyber Resilience

CVE-2025-69247

LowPublic PoC

Published: 23 February 2026

Published
23 February 2026
Modified
25 February 2026
KEV Added
Patch
CVSS Score v4 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0025 48.1th percentile
Risk Priority 6 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69247 is a low-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Free5Gc Go-Upf. Its CVSS base score is 2.7 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-69247 is a heap-based buffer overflow vulnerability (CWE-122) in the go-upf component of the free5GC project, which implements the User Plane Function (UPF) for 5G networks. Versions of go-upf prior to 1.2.8 are affected, where an invalid SDF Filter length field in a PFCP Session Modification Request triggers the overflow. This flaw carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high-impact disruption without requiring authentication or user interaction.

Remote attackers can exploit this vulnerability by sending a specially crafted PFCP Session Modification Request to the vulnerable UPF deployment. Successful exploitation crashes the UPF network element, causing a denial of service that disrupts service for all connected user equipment (UEs). This may lead to cascading failures impacting the Session Management Function (SMF), affecting all free5GC deployments relying on the UPF component.

Mitigation is available in go-upf version 1.2.8, which addresses the issue through a specific code fix. Security practitioners should update to this version immediately, as detailed in the free5GC GitHub security advisory (GHSA-gf69-93xr-p23g), the associated issue tracker (#746), the fixing commit (b798fe5ee6a984be492fa53958dd5f1305469f85), and pull request #85.

EU & UK References

Vulnerability details

free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the…

more

UPF network element by sending a specially crafted PFCP Session Modification Request with an invalid SDF Filter length field. This causes a heap buffer overflow, resulting in complete service disruption for all connected UEs and potential cascading failures affecting the SMF. All deployments of free5GC using the UPF component may be affected. Version 1.2.8 of go-upf contains a fix.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1498 Network Denial of Service Impact
Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users.
Why these techniques?

Remote unauthenticated exploitation of public-facing UPF via crafted PFCP messages directly enables T1190 (Exploit Public-Facing Application) and results in network service DoS matching T1498.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-69232Same product: Free5Gc Go-Upf
CVE-2025-70122Same vendor: Free5Gc
CVE-2026-42083Same vendor: Free5Gc
CVE-2026-44315Same vendor: Free5Gc
CVE-2026-44316Same vendor: Free5Gc
CVE-2026-44320Same vendor: Free5Gc
CVE-2026-44326Same vendor: Free5Gc
CVE-2026-44327Same vendor: Free5Gc
CVE-2026-44329Same vendor: Free5Gc
CVE-2026-40246Same vendor: Free5Gc

Affected Assets

free5gc
go-upf
≤ 1.2.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the heap buffer overflow by requiring timely remediation through patching to go-upf version 1.2.8.

prevent

Requires validation of PFCP Session Modification Request inputs, such as the SDF Filter length field, to prevent buffer overflows from invalid data.

prevent

Implements memory protections that safeguard against heap-based buffer overflows like CWE-122, preventing crashes from malformed inputs.

References