CVE-2025-66719

CRITICAL
2026-01-23 [email protected]
9.1
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
PoC Detected: Feb 11, 2026 - 19:55 (vuln.today), public exploit code
Patch Released: Feb 11, 2026 - 19:55 (nvd), patch available
CVE Published: Jan 23, 2026 - 16:15 (nvd), CRITICAL 9.1

Description

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access token with any arbitrary scope.

Analysis

Free5gc NRF 1.4.0 has an authorization bypass in access token generation that allows authenticated users to request tokens with broader scope than permitted.

Technical Context

The AccessTokenScopeCheck function in Free5gc NRF (Network Repository Function) 1.4.0 does not properly validate the requested token scope (CWE-863, incorrect authorization), allowing users to request overly permissive access tokens.

Affected Products

Free5gc NRF 1.4.0

Remediation

Update Free5gc. Review issued access tokens for overly permissive scopes.
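
One way to carry out the token review, as an added example (not code from this page or from the free5GC project): it decodes the payload of an issued token and reports every scope that the requesting NF instance is not expected to hold. It assumes tokens are compact JWTs whose payload carries the `sub` and `scope` claims of the 3GPP TS 29.510 AccessTokenClaims; the allow-list, instance IDs and sample token are constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// claims holds the two AccessTokenClaims fields this audit needs (assumed layout).
type claims struct {
	Sub   string `json:"sub"`   // NF instance ID of the token requester
	Scope string `json:"scope"` // space-separated NF service names
}

// ExcessScopes decodes a compact JWT payload (signature NOT verified; audit use only)
// and returns the requester and each scope missing from allowed[requester].
func ExcessScopes(token string, allowed map[string]map[string]bool) (string, []string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", nil, fmt.Errorf("not a compact JWT: %d segments", len(parts))
	}
	var c claims
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	if err != nil {
		return "", nil, fmt.Errorf("payload: %w", err)
	}
	var excess []string
	for _, s := range strings.Fields(c.Scope) {
		if !allowed[c.Sub][s] { // an unknown requester has no allowed scopes
			excess = append(excess, s)
		}
	}
	return c.Sub, excess, nil
}

// SampleToken builds a constructed token; header and signature are placeholders.
func SampleToken(sub, scope string) string {
	p, _ := json.Marshal(claims{Sub: sub, Scope: scope})
	return "e30." + base64.RawURLEncoding.EncodeToString(p) + ".sig"
}

func main() {
	// Constructed allow-list: NF instance ID -> services it may request tokens for.
	allowed := map[string]map[string]bool{"amf-0001": {"nsmf-pdusession": true, "nausf-auth": true}}
	fmt.Println(ExcessScopes(SampleToken("amf-0001", "nsmf-pdusession nudr-dr"), allowed))
}
```

Any non-empty result for a token issued by the affected NRF version is a candidate for revocation or closer inspection.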

Priority Score

66
KEV: 0
EPSS: +0.1
CVSS: +46
POC: +20
