CVE-2026-2525
Published: 16 February 2026
Summary
CVE-2026-2525 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Free5Gc Free5Gc. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 28.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.
Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.
Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.
Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes remote unauthenticated exploitation of a PFCP UDP service (via crafted packets) that directly triggers a denial-of-service condition (CWE-404), matching the definition of Application or System Exploitation under Endpoint Denial of Service.
NVD Description
A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to…
more
the public and may be used.
Deeper analysisAI
CVE-2026-2525 is a vulnerability discovered in Free5GC versions up to 4.1.0, affecting an unknown function within the PFCP UDP Endpoint component. Manipulation of this function leads to a denial of service condition. The issue is classified under CWE-404 and has a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity with low impact on availability and no effects on confidentiality or integrity. It was published on 2026-02-16.
The vulnerability enables remote exploitation without requiring user interaction or privileges. Attackers can trigger the denial of service by sending manipulated packets to the PFCP UDP Endpoint, potentially disrupting service availability for affected Free5GC deployments.
References include the Free5GC GitHub repository (https://github.com/free5gc/free5gc/) and specific issues #796 (https://github.com/free5gc/free5gc/issues/796 and https://github.com/free5gc/free5gc/issues/796#issue-3812169865), along with VulDB entries (https://vuldb.com/?ctiid.346113 and https://vuldb.com/?id.346113). The exploit has been publicly disclosed and may be used, though no specific patch or mitigation details are outlined in the provided description.
Details
- CWE(s)