CVE-2025-69250
Published: 24 February 2026
Summary
CVE-2025-69250 is a high-severity Improper Input Validation (CWE-20) vulnerability in Free5Gc Udm. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Software (T1592.002); ranked at the 33.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.
Requires detection and response to audit logging failures as an unusual or exceptional condition.
Implements detection of unusual or exceptional conditions followed by safe mode entry, reducing the window for exploitation of unchecked conditions.
Training ensures users perform required checks for unusual or exceptional conditions as part of contingency roles, limiting attacker leverage from skipped validations.
IR testing directly validates checks for unusual or exceptional conditions that could indicate security incidents.
Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.
Requires ongoing monitoring of organization-defined metrics and analysis, enabling checks for unusual or exceptional conditions.
Requires detection of unusual conditions followed by a controlled transition to the defined failure state.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Info disclosure of internal errors via crafted unauthenticated requests directly enables remote service fingerprinting and software identification during active scanning/reconnaissance.
NVD Description
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages (e.g., strconv.ParseInt parsing errors) to remote…
more
clients when processing invalid pduSessionId inputs. This exposes implementation details and can be used for service fingerprinting. All deployments of free5GC using the UDM Nudm_UECM DELETE service may be vulnerable. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.
Deeper analysisAI
CVE-2025-69250 is an information disclosure vulnerability in the Unified Data Management (UDM) component of free5GC, an open-source implementation of 5G mobile core networks. Affecting versions up to and including 1.4.1, the UDM service leaks detailed internal error messages, such as strconv.ParseInt parsing errors, to remote clients when processing invalid pduSessionId inputs via the Nudm_UECM DELETE service. This exposure of implementation details enables service fingerprinting and is associated with CWE-20 (Improper Input Validation) and CWE-754 (Improper Check for Unusual or Exceptional Conditions), earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Any remote attacker with network access to a vulnerable free5GC UDM deployment can exploit this issue without authentication or user interaction by sending crafted requests with invalid pduSessionId values to the Nudm_UECM DELETE endpoint. Successful exploitation reveals sensitive internal error information, facilitating reconnaissance through service fingerprinting, though it does not enable direct data modification, denial of service, or further privilege escalation.
The free5GC security advisory (GHSA-6w77-5pqh-83rm) and related GitHub issue (#750) detail the flaw, with mitigation provided in udm pull request 76 and commit 504b14458d156558b3c0ade7107b86b3d5e72998. No application-level workaround exists, and applying the official patch is the recommended remediation for all affected deployments.
Details
- CWE(s)