Executive Summary

CVE-2025-60633 is a vulnerability in the free5GC UDM (Unified Data Management) component, specifically in the Nudm_SubscriberDataManagement API. When a GET request is made with a non-existent UE ID, the UDM incorrectly returns a 500 Internal Server Error instead of the expected 404 Not Found error. This happens because the UDM fails to properly handle and parse the 404 error response from the Unified Data Repository (UDR), leading to a generic system failure response. The root cause is inadequate error handling in the UDM's OpenAPI client. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause denial of service conditions by returning incorrect 500 Internal Server Errors when a non-existent UE ID is queried. This improper error handling can disrupt normal operations and degrade the reliability of the free5GC system, potentially affecting service availability and user experience. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by sending a GET request to the Nudm_SubscriberDataManagement API endpoint `/nudm-sdm/v2/{ueId}/id-translation-result` with a non-existent UE ID. If the UDM returns a 500 Internal Server Error instead of the expected 404 Not Found, the vulnerability is present. For example, you can use the following curl command to test: `curl -i -X GET http://<udm-host>/nudm-sdm/v2/nonexistent-ueid/id-translation-result`. Observing a 500 response indicates the issue. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves avoiding reliance on the affected versions of free5GC (v4.0.0 and v4.0.1) until a fix is applied. Since the issue is due to improper error handling in the UDM component, applying the patch that enhances the OpenAPI client to properly handle 404 responses is necessary. In the meantime, monitoring for unexpected 500 errors from the Nudm_SDM API and restricting access to this API endpoint to trusted sources can reduce exploitation risk. [1]

Useful 0 Not Useful 0