CVE-2025-69248
Published: 23 February 2026
Summary
CVE-2025-69248 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Free5Gc Amf. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing AMF enables remote unauthenticated exploitation causing application/system crash (DoS).
NVD Description
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service…
more
by sending a specially crafted NAS Registration Request with a malformed 5GS Mobile Identity, causing complete denial of service for the 5G core network. All deployments of free5GC using the AMF component may be affected. Pull request 43 of the free5gc/nas repo contains a fix. No direct workaround is available at the application level. Applying the official patch is recommended.
Deeper analysisAI
CVE-2025-69248 is a buffer overflow vulnerability (CWE-129) in the AMF service of free5GC, an open-source implementation of 5G mobile core networks. It affects versions up to and including 1.4.1, where improper handling of input leads to a crash. The issue has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high availability impact with low complexity and no privileges required.
Remote unauthenticated attackers can exploit this vulnerability by sending a specially crafted NAS Registration Request containing a malformed 5GS Mobile Identity to the AMF service. Successful exploitation crashes the AMF component, resulting in a complete denial of service for the entire 5G core network. All deployments of free5GC utilizing the AMF service are potentially vulnerable.
Advisories from the free5GC project, including GitHub security advisory GHSA-h6xc-8vvf-jcjp and issue #747, confirm no application-level workaround exists. Mitigation requires applying the official patch provided in pull request 43 of the free5gc/nas repository, corresponding to commit 0329a7ac3f314f210366c1b3c33dc29eded4ac5f.
Details
- CWE(s)