CVE-2026-25657 | THREATINT

Description

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.

PUBLISHED Reserved 2026-02-04 | Published 2026-06-05 | Updated 2026-06-05 | Assigner ERIC

HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-228

Product status

Default status

affected

Any version before 1.30

affected

Credits

Clemens Keil, Manfred Heinz, Patrick Walker of BDO Cyber Security GmbH finder

BSI 5G/6G Security Lab TEMIS (Federal Office for Information Security, Germany) finder

References

www.ericsson.com/en/about-us/security/psirt/cve-2026-25657

cve.org (CVE-2026-25657)

nvd.nist.gov (CVE-2026-25657)

Download JSON