Cyber Resilience

CVE-2025-69248

MediumPublic PoC

Published: 23 February 2026

Published
23 February 2026
Modified
25 February 2026
KEV Added
Patch
CVSS Score v4 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0048 65.4th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69248 is a medium-severity Improper Validation of Array Index (CWE-129) vulnerability in Free5Gc Amf. Its CVSS base score is 6.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-69248 is a buffer overflow vulnerability (CWE-129) in the AMF service of free5GC, an open-source implementation of 5G mobile core networks. It affects versions up to and including 1.4.1, where improper handling of input leads to a crash. The issue has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high availability impact with low complexity and no privileges required.

Remote unauthenticated attackers can exploit this vulnerability by sending a specially crafted NAS Registration Request containing a malformed 5GS Mobile Identity to the AMF service. Successful exploitation crashes the AMF component, resulting in a complete denial of service for the entire 5G core network. All deployments of free5GC utilizing the AMF service are potentially vulnerable.

Advisories from the free5GC project, including GitHub security advisory GHSA-h6xc-8vvf-jcjp and issue #747, confirm no application-level workaround exists. Mitigation requires applying the official patch provided in pull request 43 of the free5gc/nas repository, corresponding to commit 0329a7ac3f314f210366c1b3c33dc29eded4ac5f.

EU & UK References

Vulnerability details

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service…

more

by sending a specially crafted NAS Registration Request with a malformed 5GS Mobile Identity, causing complete denial of service for the 5G core network. All deployments of free5GC using the AMF component may be affected. Pull request 43 of the free5gc/nas repo contains a fix. No direct workaround is available at the application level. Applying the official patch is recommended.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overflow in public-facing AMF enables remote unauthenticated exploitation causing application/system crash (DoS).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-1974Same vendor: Free5Gc
CVE-2026-44319Same vendor: Free5Gc
CVE-2026-33064Same vendor: Free5Gc
CVE-2026-44325Same vendor: Free5Gc
CVE-2026-33191Same vendor: Free5Gc
CVE-2026-44321Same vendor: Free5Gc
CVE-2026-1739Same vendor: Free5Gc
CVE-2026-1975Same vendor: Free5Gc
CVE-2025-69232Same vendor: Free5Gc
CVE-2026-25501Same vendor: Free5Gc

Affected Assets

free5gc
amf
≤ 1.4.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the vulnerability by requiring timely application of the official patch to fix the buffer overflow in AMF's handling of malformed 5GS Mobile Identity.

prevent

Information input validation prevents the buffer overflow by enforcing bounds and format checks on the 5GS Mobile Identity field in NAS Registration Requests.

prevent

Denial-of-service protection mitigates the availability impact by implementing rate limiting or traffic filtering against repeated crafted NAS requests.

References