What is the CVSS score of CVE-2025-69232?

CVE-2025-69232 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.2%.

Which versions of Smf are affected by CVE-2025-69232?

A denial-of-service vulnerability affecting free5GC 5G core network infrastructure (versions up to 1.2.6 for go-upf and 1.4.0 for SMF) could allow attackers to disrupt mobile network services.

Is there a public PoC exploit available for CVE-2025-69232?

Yes, a public proof-of-concept exploit is available for CVE-2025-69232. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-69232?

Within 24 hours: Inventory all free5GC deployments and confirm affected versions (go-upf ≤1.2.6, SMF ≤1.4.0); document network exposure and isolation status. Within 7 days: Implement network segmentation to restrict untrusted input to SMF/go-upf components; enable protocol validation logging to detect exploitation attempts. Within 30 days: Monitor vendor releases for patches; establish upgrade plan with testing in non-production environment; coordinate with free5GC community for security advisories.

Smf CVE-2025-69232

HIGH

Improper Input Validation (CWE-20)

2026-02-23 security-advisories@github.com

Denial Of Service Smf Go Upf

7.5

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 25, 2026 - 16:20 vuln.today

Public exploit code

CVE Published

Feb 23, 2026 - 22:16 nvd

HIGH 7.5

DescriptionGitHub Advisory

free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote attackers can disrupt core network functionality by sending a malformed PFCP Association Setup Request. The UPF incorrectly accepts it, entering an inconsistent state that causes subsequent legitimate requests to trigger SMF reconnection loops and service degradation. All deployments of free5GC using the UPF and SMF components may be affected. As of time of publication, a fix is in development but not yet available. No direct workaround is available at the application level. Applying the official patch, once released, is recommended.

AnalysisAI

Technical ContextAI

Classified as CWE-20 (Improper Input Validation). Affects Go-Upf. free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote attackers can disrupt core network functionality by sending a malformed PFCP Association Setup Request. The UPF incorrectly accepts it, entering an inconsistent state that causes subsequent legitimate req

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-69232 vulnerability details – vuln.today

Back

Smf CVE-2025-69232

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code