CVE-2025-69252
Published: 24 February 2026
Summary
CVE-2025-69252 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in free5GC UDM. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 33.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly addresses the vulnerability by applying the official patch for the NULL pointer dereference in free5GC UDM.
Information input validation prevents crafted PUT requests with unexpected ueId values from triggering the null pointer dereference and service crash.
Denial-of-service protection mitigates the remote unauthenticated attack that crashes the UDM service, preserving availability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
NULL pointer dereference in network-exposed UDM service directly enables remote unauthenticated exploitation causing service crash and DoS (T1499.004 Application or System Exploitation).
NVD Description
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service. All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.
Deeper analysisAI
CVE-2025-69252 is a NULL Pointer Dereference vulnerability (CWE-476) in the Unified Data Management (UDM) component of free5GC, an open-source project implementing 5th generation (5G) mobile core networks. The UDM service, which handles unified data management functions, is affected in versions up to and including 1.4.1. All deployments of free5GC that incorporate the UDM component are potentially vulnerable.
Remote unauthenticated attackers can exploit the vulnerability over the network by sending a crafted PUT request with an unexpected ueId value. This triggers a service panic, crashing the UDM service and causing a Denial of Service condition. The CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects high availability impact with low attack complexity and no privileges or user interaction required.
The free5GC security advisory (GHSA-v8cv-qvf6-9rpm) and issue tracker (#752) document the flaw, with a fix provided in pull request 76 and commit 504b14458d156558b3c0ade7107b86b3d5e72998 in the free5gc/udm repository. No direct workaround is available at the application level, and applying the official patch is recommended for mitigation.
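The CWE-476 pattern the analysis describes, and the input-validation (SI-10) control it recommends, are easier to reason about in code. The following Go example is added here for illustration; it is not free5GC's code and does not reproduce the UDM's actual request path. The record type, the in-memory store, the `imsi-<digits>` ueId format and the function names are all assumptions. It places a lookup that returns a nil pointer for an unknown ueId beside a hardened version that validates the identifier and checks for nil before dereferencing, so an unexpected ueId becomes a client error rather than a panic.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// SubscriptionData is a hypothetical stand-in for the per-UE record a UDM
// might hold; it is not free5GC's own type.
type SubscriptionData struct {
	UeId string
	Plmn string
}

// store is a constructed in-memory table; a real UDM would query a backend.
var store = map[string]*SubscriptionData{
	"imsi-208930000000001": {UeId: "imsi-208930000000001", Plmn: "20893"},
}

// lookup returns nil for an unknown ueId, which is exactly the value that
// leads to CWE-476 if the caller never checks it.
func lookup(ueId string) *SubscriptionData {
	return store[ueId]
}

// unguardedPlmn shows the defect shape: the pointer is dereferenced without
// a nil check, so an unexpected ueId panics the goroutine.
func unguardedPlmn(ueId string) string {
	return lookup(ueId).Plmn
}

// ueIdPattern is an assumed input format (SUPI-like "imsi-<digits>"); it is
// illustrative, not the validation free5GC applies.
var ueIdPattern = regexp.MustCompile(`^imsi-[0-9]{5,15}$`)

var (
	ErrBadUeId  = errors.New("ueId does not match expected format")
	ErrNotFound = errors.New("no subscription for ueId")
)

// guardedPlmn applies the two controls the analysis names: validate ueId
// before use (SI-10), then check for nil before dereferencing. Both failures
// become errors the handler can map to 400/404 instead of a crash.
func guardedPlmn(ueId string) (string, error) {
	if !ueIdPattern.MatchString(ueId) {
		return "", ErrBadUeId
	}
	rec := lookup(ueId)
	if rec == nil {
		return "", ErrNotFound
	}
	return rec.Plmn, nil
}

// safeCall runs the unguarded version under recover() and reports whether
// it panicked, so the defect can be demonstrated without crashing the demo.
func safeCall(ueId string) (panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	_ = unguardedPlmn(ueId)
	return false
}

func main() {
	fmt.Println(safeCall("imsi-999999999999999")) // true: nil dereference panics
	p, err := guardedPlmn("imsi-999999999999999")
	fmt.Println(p, err) // "" no subscription for ueId
	p, err = guardedPlmn("imsi-208930000000001")
	fmt.Println(p, err) // 20893 <nil>
	_, err = guardedPlmn("../etc/passwd")
	fmt.Println(err) // ueId does not match expected format
}
```

The design point is that the hardened path never lets an attacker-controlled identifier reach a dereference without two gates: a syntactic check that rejects malformed input early, and an explicit nil check on the lookup result. Either gate alone would have prevented the panic in this toy; applying both keeps the failure modes distinguishable (400 vs 404) and observable in access logs.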
Details
- CWE(s)