CVE-2025-69253
Received Received - Intake
Information Exposure via Improper Error Handling in free5GC NEF Component

Publication date: 2026-02-24

Last updated on: 2026-02-25

Assigner: GitHub, Inc.

Description
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients, which can aid attackers in service fingerprinting. All deployments of free5GC using the Nnef_PfdManagement service may be vulnerable. free5gc/udr pull request 56 contains a patch. No direct workaround is available at the application level. Applying the official patch is recommended.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69253
EUVD
EUVD-2025-207565
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
free5gc udr to 1.4.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-209 The product generates an error message that includes sensitive information about its environment, users, or associated data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the free5GC User Data Repository component, specifically versions up to and including 1.4.1. It involves improper error handling that causes the NEF component to leak detailed internal parsing error messages to remote clients. For example, error details like an invalid character after a top-level value are exposed. This information leakage can help attackers fingerprint the service, potentially aiding in further attacks.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to apply the official patch provided in free5gc/udr pull request 56.

No direct workaround is available at the application level.

Impact Analysis

The vulnerability can impact you by allowing attackers to gain insights into the internal workings of the free5GC User Data Repository through leaked error messages. This information exposure can facilitate service fingerprinting, which may be used to identify weaknesses or plan targeted attacks against the 5G core network infrastructure. There is no direct workaround at the application level, so applying the official patch is recommended to mitigate this risk.

Compliance Impact

I don't know

Detection Guidance

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69253. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart