CVE-2025-70122
Published: 13 February 2026
Summary
CVE-2025-70122 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Free5Gc Free5Gc. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 42.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Deeper analysis
CVE-2025-70122 is a heap buffer overflow vulnerability in the UPF component of free5GC version 4.0.1. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf-filter.go) when processing a declared length that exceeds the actual buffer capacity, resulting in a runtime panic and UPF crash. Published on 2026-02-13 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and mapped to CWE-122, it enables remote denial of service via a crafted PFCP Session Modification Request.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a specially crafted PFCP Session Modification Request, attackers can trigger the buffer overflow, causing a runtime panic that crashes the UPF component and disrupts service availability.
Mitigation details are available in the GitHub issue at https://github.com/free5gc/free5gc/issues/746.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207534
Vulnerability details
A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf-filter.go) when processing a declared…
more
length that exceeds the actual buffer capacity, leading to a runtime panic and UPF crash.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap buffer overflow in network-facing UPF component triggers remote crash/panic on crafted PFCP message, directly mapping to application/system exploitation for DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires validation of PFCP Session Modification Request lengths and structures to prevent heap buffer overflows during unmarshaling in SDFFilterFields.UnmarshalBinary.
Mandates timely identification, reporting, and remediation of the specific heap buffer overflow flaw in free5GC v4.0.1 UPF component.
Ensures error handling for buffer capacity exceedances prevents runtime panics and UPF crashes instead of compromising availability.