CVE-2025-69247
Published: 23 February 2026
Summary
CVE-2025-69247 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Free5Gc Go-Upf. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 47.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of public-facing UPF via crafted PFCP messages directly enables T1190 (Exploit Public-Facing Application) and results in network service DoS matching T1498.
NVD Description
free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the…
more
UPF network element by sending a specially crafted PFCP Session Modification Request with an invalid SDF Filter length field. This causes a heap buffer overflow, resulting in complete service disruption for all connected UEs and potential cascading failures affecting the SMF. All deployments of free5GC using the UPF component may be affected. Version 1.2.8 of go-upf contains a fix.
Deeper analysisAI
CVE-2025-69247 is a heap-based buffer overflow vulnerability (CWE-122) in the go-upf component of the free5GC project, which implements the User Plane Function (UPF) for 5G networks. Versions of go-upf prior to 1.2.8 are affected, where an invalid SDF Filter length field in a PFCP Session Modification Request triggers the overflow. This flaw carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high-impact disruption without requiring authentication or user interaction.
Remote attackers can exploit this vulnerability by sending a specially crafted PFCP Session Modification Request to the vulnerable UPF deployment. Successful exploitation crashes the UPF network element, causing a denial of service that disrupts service for all connected user equipment (UEs). This may lead to cascading failures impacting the Session Management Function (SMF), affecting all free5GC deployments relying on the UPF component.
Mitigation is available in go-upf version 1.2.8, which addresses the issue through a specific code fix. Security practitioners should update to this version immediately, as detailed in the free5GC GitHub security advisory (GHSA-gf69-93xr-p23g), the associated issue tracker (#746), the fixing commit (b798fe5ee6a984be492fa53958dd5f1305469f85), and pull request #85.
Details
- CWE(s)