CVE-2025-69253
Received - Intake
Information Exposure via Improper Error Handling in free5GC NEF Component

Publication date: 2026-02-24

Last updated on: 2026-02-25

Assigner: GitHub, Inc.

Description
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients, which can aid attackers in service fingerprinting. All deployments of free5GC using the Nnef_PfdManagement service may be vulnerable. free5gc/udr pull request 56 contains a patch. No direct workaround is available at the application level. Applying the official patch is recommended.
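
The error-handling pattern described above, next to a hardened form, as an added example (not free5GC code and not the patch from pull request 56). The names `handler`, `detailFor`, `problem` and the `/example` path are hypothetical, and parsing the body with Go's `encoding/json` is an assumption made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// problem is a minimal ProblemDetails-style body (field set assumed for this example).
type problem struct {
	Status int    `json:"status"`
	Detail string `json:"detail"`
}

// handler builds a handler; leak=true echoes the parser error to the client (CWE-209).
func handler(leak bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		raw, _ := io.ReadAll(io.LimitReader(r.Body, 1<<20))
		var body map[string]interface{}
		err := json.Unmarshal(raw, &body)
		if err == nil {
			w.WriteHeader(http.StatusNoContent)
			return
		}
		detail := "request body is not valid JSON" // fixed text, no parser internals
		if leak {
			detail = err.Error() // vulnerable pattern: internal error text leaves the process
		} else {
			log.Printf("decode error from %s: %v", r.RemoteAddr, err) // detail stays in server logs
		}
		w.Header().Set("Content-Type", "application/problem+json")
		w.WriteHeader(http.StatusBadRequest)
		json.NewEncoder(w).Encode(problem{http.StatusBadRequest, detail})
	}
}

// detailFor posts payload to h in-process and returns the "detail" field the client would see.
func detailFor(h http.HandlerFunc, payload string) string {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/example", strings.NewReader(payload)))
	var p problem
	json.Unmarshal(rec.Body.Bytes(), &p)
	return p.Detail
}

func main() {
	const bad = `{"pfd":1}n` // constructed malformed body: stray byte after the JSON value
	fmt.Println("leaky:   ", detailFor(handler(true), bad))
	fmt.Println("hardened:", detailFor(handler(false), bad))
}
```

Both variants return the same 400 status; only the hardened one keeps the parser's wording out of the response and in the server log, where operators can still use it.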
Meta Information
Published: 2026-02-24
Last Modified: 2026-02-25
Generated: 2026-05-07
AI Q&A: 2026-02-24
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: free5gc
Product: udr
Version / Range: to 1.4.1 (inc)
CWE
CWE-209: The product generates an error message that includes sensitive information about its environment, users, or associated data.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The recommended immediate step to mitigate this vulnerability is to apply the official patch provided in free5gc/udr pull request 56.

No direct workaround is available at the application level.


Can you explain this vulnerability to me?

This vulnerability affects the free5GC User Data Repository component, specifically versions up to and including 1.4.1. It involves improper error handling that causes the NEF component to leak detailed internal parsing error messages to remote clients. For example, error details like an invalid character after a top-level value are exposed. This information leakage can help attackers fingerprint the service, potentially aiding in further attacks.


How can this vulnerability impact me?

The vulnerability can impact you by allowing attackers to gain insights into the internal workings of the free5GC User Data Repository through leaked error messages. This information exposure can facilitate service fingerprinting, which may be used to identify weaknesses or plan targeted attacks against the 5G core network infrastructure. There is no direct workaround at the application level, so applying the official patch is recommended to mitigate this risk.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

