CVE-2025-65559

Description

An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF crashes with a reachable assertion in `lib/pfcp/context.c` (`ogs_pfcp_object_teid_hash_set`) if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flag(s) (IPv4/IPv6) do not match the GTP-U resource family configured for the selected DNN (Network Instance), resulting in a denial of service.

PUBLISHED Reserved 2025-11-18 | Published 2025-12-18 | Updated 2025-12-19 | Assigner mitre

References

github.com/open5gs/open5gs/issues/4135 exploit

github.com/open5gs/open5gs/issues/4135

cve.org (CVE-2025-65559)

nvd.nist.gov (CVE-2025-65559)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.