CVE-2025-69250

Medium · Public PoC

Published: 24 February 2026

Modified: 25 February 2026
KEV Added
Patch
CVSS Score v4: 6.6
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0014 (34.0th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-69250 is a medium-severity Improper Input Validation (CWE-20) vulnerability in free5GC UDM. Its CVSS base score is 6.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Software (T1592.002). The CVE ranks at the 34.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Deeper analysis

CVE-2025-69250 is an information disclosure vulnerability in the Unified Data Management (UDM) component of free5GC, an open-source implementation of 5G mobile core networks. Affecting versions up to and including 1.4.1, the UDM service leaks detailed internal error messages, such as strconv.ParseInt parsing errors, to remote clients when processing invalid pduSessionId inputs via the Nudm_UECM DELETE service. This exposure of implementation details enables service fingerprinting and is associated with CWE-20 (Improper Input Validation) and CWE-754 (Improper Check for Unusual or Exceptional Conditions), earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Any remote attacker with network access to a vulnerable free5GC UDM deployment can exploit this issue without authentication or user interaction by sending crafted requests with invalid pduSessionId values to the Nudm_UECM DELETE endpoint. Successful exploitation reveals sensitive internal error information, facilitating reconnaissance through service fingerprinting, though it does not enable direct data modification, denial of service, or further privilege escalation.

The free5GC security advisory (GHSA-6w77-5pqh-83rm) and related GitHub issue (#750) detail the flaw, with mitigation provided in udm pull request 76 and commit 504b14458d156558b3c0ade7107b86b3d5e72998. No application-level workaround exists, and applying the official patch is the recommended remediation for all affected deployments.
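The error-handling difference described above, as an added example that is not free5GC's code or the contents of its patch: a handler that echoes the raw strconv error next to one that validates pduSessionId and returns a fixed message. The handler names, the request path, the sample inputs and the 0-255 bound are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"path"
	"strconv"
)

// Hypothetical handlers for illustration; this is not free5GC's code.

// leakyDelete reproduces the flaw class: the raw strconv error reaches the client.
func leakyDelete(w http.ResponseWriter, r *http.Request) {
	if _, err := strconv.ParseInt(path.Base(r.URL.Path), 10, 32); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

// safeDelete validates the value (SI-10) and returns a fixed message (SI-11).
// The 0-255 bound (bitSize 8) is an assumption of this example.
func safeDelete(w http.ResponseWriter, r *http.Request) {
	if _, err := strconv.ParseUint(path.Base(r.URL.Path), 10, 8); err != nil {
		log.Printf("rejected pduSessionId: %v", err) // detail stays server-side
		http.Error(w, "invalid pduSessionId", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

// probe sends one DELETE (constructed path) and returns status code and body.
func probe(h http.HandlerFunc, id string) (int, string) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodDelete, "/example/smf-registrations/"+id, nil)
	h(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	for _, id := range []string{"abc", "99999999999", "5"} { // constructed inputs
		lc, lb := probe(leakyDelete, id)
		sc, sb := probe(safeDelete, id)
		fmt.Printf("%-12q leaky=%d %q | safe=%d %q\n", id, lc, lb, sc, sb)
	}
}
```

A regression test for the patched service can assert the same property: a 4xx response body for a malformed pduSessionId must not contain the string "strconv".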

Vulnerability details

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages (e.g., strconv.ParseInt parsing errors) to remote clients when processing invalid pduSessionId inputs. This exposes implementation details and can be used for service fingerprinting. All deployments of free5GC using the UDM Nudm_UECM DELETE service may be vulnerable. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1592.002 Software (Reconnaissance)
Adversaries may gather information about the victim's host software that can be used during targeting.
T1595.002 Vulnerability Scanning (Reconnaissance)
Adversaries may scan victims for vulnerabilities that can be used during targeting.
Why these techniques?

Info disclosure of internal errors via crafted unauthenticated requests directly enables remote service fingerprinting and software identification during active scanning/reconnaissance.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-27642 · Same product: free5GC UDM
CVE-2026-33064 · Same product: free5GC UDM
CVE-2025-69252 · Same product: free5GC UDM
CVE-2026-33191 · Same product: free5GC UDM
CVE-2025-70123 · Same vendor: free5GC
CVE-2025-69232 · Same vendor: free5GC
CVE-2026-44316 · Same vendor: free5GC
CVE-2026-44322 · Same vendor: free5GC
CVE-2026-42459 · Same vendor: free5GC
CVE-2026-44325 · Same vendor: free5GC

Affected Assets

Vendor: free5gc · Product: udm · Affected versions: ≤ 1.4.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: SI-11 requires secure error handling that prevents disclosure of sensitive internal details, such as strconv.ParseInt errors, to remote clients.

Prevent: SI-10 mandates proper input validation for parameters like pduSessionId, so that invalid inputs are rejected before they can trigger error messages that disclose internal details.

Prevent: SI-15 ensures filtering of information outputs, including error responses from the Nudm_UECM DELETE service, to block exposure of implementation details.
