CVE-2025-69208
Received - Intake
Information Exposure via Improper Error Handling in free5GC UDR NEF

Publication date: 2026-02-23

Last updated on: 2026-02-25

Assigner: GitHub, Inc.

Description
free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the Nnef_PfdManagement service may be affected. The NEF component reliably leaks internal parsing errors (e.g., "invalid character 'n' after top-level value") to remote clients. This can aid attackers in fingerprinting server software and logic flows. Version 1.4.1 fixes the issue. There is no direct workaround at the application level. The recommended mitigation is to apply the provided patch.
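An added example, not code from free5GC or from its patch: the Go sketch below shows the CWE-209 pattern described above, where a handler echoes the standard encoding/json parser error to the client, next to a handler that logs the detail server-side and returns a fixed message. The handler names, the "/" route and the malformed sample body are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// parseBody unmarshals a JSON body; on bad input it returns the parser's own error text.
func parseBody(r *http.Request) error {
	raw, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
	if err != nil {
		return err
	}
	var v map[string]interface{}
	return json.Unmarshal(raw, &v)
}

// leakyHandler (hypothetical): the CWE-209 pattern, parser error echoed to the client.
func leakyHandler(w http.ResponseWriter, r *http.Request) {
	if err := parseBody(r); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
	}
}

// hardenedHandler (hypothetical): detail stays in the server log, client gets a fixed message.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	if err := parseBody(r); err != nil {
		log.Printf("rejecting malformed body from %s: %v", r.RemoteAddr, err)
		http.Error(w, "malformed request body", http.StatusBadRequest)
	}
}

// respond sends body to h in-process and returns the status code and response text.
func respond(h http.HandlerFunc, body string) (int, string) {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/", strings.NewReader(body)))
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	for _, h := range []http.HandlerFunc{leakyHandler, hardenedHandler} {
		fmt.Println(respond(h, `{"k":1}n`)) // constructed sample: stray byte after the JSON value
	}
}
```

Both handlers reject the request with the same status code; only the response body differs, which is the property to check when verifying a fix of this kind.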
Meta Information
Published: 2026-02-23
Last Modified: 2026-02-25
Generated: 2026-05-07
AI Q&A: 2026-02-24
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: free5gc
Product: udr
Version / Range: to 1.4.1 (inc)
CWE
CWE ID: CWE-209
Description: The product generates an error message that includes sensitive information about its environment, users, or associated data.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability exists in free5GC UDR, the user data repository for the free5GC 5G mobile core network project. Versions before 1.4.1 have an improper error handling issue that causes the NEF component to leak internal parsing error details to remote clients.

Specifically, error messages such as invalid character errors are exposed, which can help attackers fingerprint the server software and understand its internal logic.

This vulnerability is fixed in version 1.4.1, and there is no direct application-level workaround other than applying the patch.


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to gain information about the internal workings of your free5GC UDR server through leaked error messages.

Such information exposure can aid attackers in fingerprinting the server software and its logic flows, potentially making it easier to craft targeted attacks.

While the vulnerability itself has a low CVSS score (2.7), the information leakage could be a stepping stone for more serious attacks.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

The recommended mitigation is to apply the provided patch and upgrade free5GC UDR to version 1.4.1 or later.

There is no direct workaround at the application level.

