CVE-2025-69252
Received Received - Intake
NULL Pointer Dereference in free5gc UDM Causes DoS Crash

Publication date: 2026-02-24

Last updated on: 2026-02-25

Assigner: GitHub, Inc.

Description
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service. All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69252
EUVD
EUVD-2025-207566
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
free5gc udm to 1.4.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can cause the UDM service in free5GC to crash unexpectedly, leading to a Denial of Service (DoS).

Since the UDM is a critical component for managing subscriber data in 5G core networks, its unavailability can disrupt network operations and services relying on free5GC.

Attackers do not need to be authenticated to exploit this issue, increasing the risk of service disruption from remote sources.

Compliance Impact

I don't know

Executive Summary

CVE-2025-69252 is a high-severity NULL Pointer Dereference vulnerability in the Unified Data Management (UDM) component of free5GC, an open-source 5G mobile core network project.

This vulnerability affects versions up to and including 1.4.1 of free5GC UDM. Remote unauthenticated attackers can exploit this flaw by sending a specially crafted PUT request with an unexpected ueId, which causes the UDM service to crash due to a NULL pointer dereference.

The crash results in a service panic, effectively causing a Denial of Service (DoS) condition. There is no direct workaround at the application level, and the recommended mitigation is to apply the official patch provided in pull request #76.

Detection Guidance

This vulnerability can be detected by monitoring the UDM service for crashes or panics triggered by malformed PUT requests containing unexpected ueId values.

Since the vulnerability is triggered by a crafted PUT request, network traffic analysis tools can be used to detect suspicious PUT requests sent to the UDM component.

Specific commands are not provided in the available information, but general approaches include:

  • Using network packet capture tools like tcpdump or Wireshark to filter for PUT requests to the UDM service endpoint.
  • Checking system logs or service logs for unexpected crashes or panics of the UDM service.
Mitigation Strategies

The recommended immediate step is to apply the official patch provided in pull request #76 for free5gc/udm, which fixes the NULL Pointer Dereference vulnerability.

Upgrading to the next free5GC release that includes this fix is advised.

There is no direct application-level workaround available to mitigate this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69252. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart