Home

Description

Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

PUBLISHED Reserved 2025-09-10 | Published 2026-06-05 | Updated 2026-06-05 | Assigner ERIC




HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-228: Improper Handling of Syntactically Invalid Structure

Product status

Default status
unaffected

Any version before 1.39
affected

Credits

The UK Telecoms Lab (UKTL) finder

The UK’s National Cyber Security Centre (NCSC) finder

References

ericsson.com/en/about-us/security/psirt/CVE-2025-59174

cve.org (CVE-2025-59174)

nvd.nist.gov (CVE-2025-59174)

Download JSON