CVE-2025-29646

An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and (teid = 0 or teid >= ogs_pfcp_pdr_teid_pool.size).
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*

History

09 Jul 2025, 18:27

Type Values Removed Values Added
References () https://gist.github.com/scmdcs/581fa485f957239ea5551daa173d0189 - () https://gist.github.com/scmdcs/581fa485f957239ea5551daa173d0189 - Exploit, Third Party Advisory
References () https://github.com/open5gs/open5gs/issues/3747 - () https://github.com/open5gs/open5gs/issues/3747 - Exploit, Issue Tracking
First Time Open5gs open5gs
Open5gs
CPE cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*

20 Jun 2025, 13:15

Type Values Removed Values Added
Summary
  • (es) Un problema en upf en open5gs 2.7.2 y versiones anteriores permite que un atacante remoto provoque una denegación de servicio a través de un paquete PFCP SessionEstablishmentRequest manipulado con indicación de restauración = verdadero y (teid = 0 o teid >= ogs_pfcp_pdr_teid_pool.size).
References
  • {'url': 'https://gist.github.com/scemodicecosa/581fa485f957239ea5551daa173d0189', 'source': 'cve@mitre.org'}
  • () https://gist.github.com/scmdcs/581fa485f957239ea5551daa173d0189 -

18 Jun 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-18 18:15

Updated : 2025-07-09 18:27


NVD link : CVE-2025-29646

Mitre link : CVE-2025-29646

CVE.ORG link : CVE-2025-29646


JSON object : View

Products Affected

open5gs

  • open5gs
CWE
CWE-20

Improper Input Validation