CVE-2025-15156
Null Pointer Dereference in omec-project UPF PFCP Handler
Publication date: 2025-12-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| omec-project | upf | 2.1.3-dev |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in the omec-project UPF software (up to version 2.1.3-dev) in the function handleSessionEstablishmentRequest. It causes a null pointer dereference, which means the program tries to access or manipulate data through a pointer that is not properly initialized, leading to a crash or unexpected behavior. The flaw exists in the PFCP Session Establishment Request Handler component and can be exploited remotely.
How can this vulnerability impact me? :
The vulnerability can cause the affected software to crash or behave unexpectedly due to the null pointer dereference. Since the attack can be initiated remotely, it may lead to denial of service or disruption of the network functions relying on the omec-project UPF component. This could impact availability of services dependent on this software.