An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and (teid = 0 or teid >= ogs_pfcp_pdr_teid_pool.size).
References
Link | Resource |
---|---|
https://gist.github.com/scmdcs/581fa485f957239ea5551daa173d0189 | Exploit Third Party Advisory |
https://github.com/open5gs/open5gs/issues/3747 | Exploit Issue Tracking |
Configurations
History
09 Jul 2025, 18:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/scmdcs/581fa485f957239ea5551daa173d0189 - Exploit, Third Party Advisory | |
References | () https://github.com/open5gs/open5gs/issues/3747 - Exploit, Issue Tracking | |
First Time |
Open5gs open5gs
Open5gs |
|
CPE | cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:* |
20 Jun 2025, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
|
18 Jun 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-18 18:15
Updated : 2025-07-09 18:27
NVD link : CVE-2025-29646
Mitre link : CVE-2025-29646
CVE.ORG link : CVE-2025-29646
JSON object : View
Products Affected
open5gs
- open5gs
CWE
CWE-20
Improper Input Validation