CVE-2025-69252
free5GC has Null Pointer Dereference in UDM, Leading to Service Panic
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service. All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.
| CWE | CWE-476 |
| Vendor | free5gc |
| Product | udm |
| Published | Feb 23, 2026 |
| Last Updated | Feb 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for free5gc udm
Be the first to know when new unknown vulnerabilities affecting free5gc udm are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
free5gc / udm
<= 1.4.1