{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69252", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-12-30T14:07:33.387Z", "datePublished": "2026-02-23T23:56:55.889Z", "dateUpdated": "2026-02-25T16:21:01.934Z"}, "containers": {"cna": {"title": "free5GC has Null Pointer Dereference in UDM, Leading to Service Panic", "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "version": "4.0"}}], "references": [{"name": "https://github.com/free5gc/free5gc/security/advisories/GHSA-v8cv-qvf6-9rpm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-v8cv-qvf6-9rpm"}, {"name": "https://github.com/free5gc/free5gc/issues/752", "tags": ["x_refsource_MISC"], "url": "https://github.com/free5gc/free5gc/issues/752"}, {"name": "https://github.com/free5gc/udm/pull/76", "tags": ["x_refsource_MISC"], "url": "https://github.com/free5gc/udm/pull/76"}, {"name": "https://github.com/free5gc/udm/commit/504b14458d156558b3c0ade7107b86b3d5e72998", "tags": ["x_refsource_MISC"], "url": "https://github.com/free5gc/udm/commit/504b14458d156558b3c0ade7107b86b3d5e72998"}], "affected": [{"vendor": "free5gc", "product": "udm", "versions": [{"version": "<= 1.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-23T23:56:55.889Z"}, "descriptions": [{"lang": "en", "value": "free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service. All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended."}], "source": {"advisory": "GHSA-v8cv-qvf6-9rpm", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T16:20:08.049899Z", "id": "CVE-2025-69252", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T16:21:01.934Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:free5gc:udm:*:*:*:*:*:go:*:*", "matchCriteriaId": "D54382D2-F895-4384-9D82-597709AAE7A7", "versionEndIncluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service. All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended."}, {"lang": "es", "value": "free5gc UDM proporciona Gesti\u00f3n Unificada de Datos (UDM) para free5GC, un proyecto de c\u00f3digo abierto para redes centrales m\u00f3viles de 5\u00aa generaci\u00f3n (5G). Las versiones hasta la 1.4.1 inclusive tienen una vulnerabilidad de desreferencia de puntero NULL. Atacantes remotos no autenticados pueden desencadenar un p\u00e1nico del servicio (Denegaci\u00f3n de servicio) enviando una solicitud PUT manipulada con un ueId inesperado, lo que provoca la ca\u00edda del servicio UDM. Todas las implementaciones de free5GC que utilizan el componente UDM pueden verse afectadas. La solicitud de extracci\u00f3n 76 de free5gc/udm contiene una correcci\u00f3n para el problema. No hay una soluci\u00f3n alternativa directa disponible a nivel de aplicaci\u00f3n. Se recomienda aplicar el parche oficial."}], "id": "CVE-2025-69252", "lastModified": "2026-02-25T16:46:15.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-24T00:16:18.707", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/free5gc/free5gc/issues/752"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-v8cv-qvf6-9rpm"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/free5gc/udm/commit/504b14458d156558b3c0ade7107b86b3d5e72998"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/free5gc/udm/pull/76"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "udm", "source": "cna", "vendor": "free5gc"}, "product": "udm", "vendor": "free5gc"}], "created": "2026-02-24T09:54:29.152596+00:00", "updated": "2026-02-24T09:54:29.152682+00:00", "vendors": ["free5gc", "free5gc$PRODUCT$udm"]}