free5GC 4.1.0

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:free5gc:free5gc:4.1.0:*:*:*:*:*:*:*

part: a version: 4.1.0 update: *

VendorFree5Gc (77fcf67d-849c-57a8-9f49-9d3927749b22)
ProductFree5Gc (f2b73a29-83cd-59ab-bdd5-57df499b831c)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/free5gc/free5gc purl2cpe 2026-06-01 10:14:56.517076

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-65562 vulnerable 2026-06-08 07:39:20.913194 Details available
The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID (e.g., 0xFFFFFFFFFFFFFFFF) that causes an integer conversion/underflow in LocalNode.DeleteSess() / LocalNode.Sess() when a uint64 SEID is converted to int and used in index arithmetic. This leads to a negative index into n.sess and a Go runtime panic, resulting in a denial of service (UPF crash). The issue has been reproduced on free5GC v4.1.0 with crashes observed in the session lookup/deletion path in internal/pfcp/node.go; other versions may also be affected. No authentication is required.
Published: 2025-12-18T00:00:00.000Z
Updated: 2025-12-19T18:01:34.231Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-65561 vulnerable 2026-06-08 07:39:20.912658 Details available
An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request.
Published: 2025-12-18T00:00:00.000Z
Updated: 2025-12-19T18:01:39.764Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.