How to fix CVE-2025-69248?

Within 24 hours: Inventory all systems running free5GC and identify which are running vulnerable versions (≤1.4.1); assess whether affected systems are production or non-production. Within 7 days: Apply available patch to all non-production environments first for validation; implement network-level rate limiting on AMF service interfaces as interim protection. Within 30 days: Complete patching of all production free5GC instances; conduct vulnerability rescanning to confirm remediation.

Is Amf affected by CVE-2025-69248?

A buffer overflow vulnerability in free5GC's AMF service (CVE-2025-69248) can be exploited to cause denial of service attacks against 5G mobile core network infrastructure.

CVE-2025-69248

HIGH

2026-02-23 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 25, 2026 - 16:35 vuln.today

Public exploit code

Patch Released

Feb 25, 2026 - 16:35 nvd

Patch available

CVE Published

Feb 23, 2026 - 22:16 nvd

HIGH 7.5

Description

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NAS Registration Request with a malformed 5GS Mobile Identity, causing complete denial of service for the 5G core network. All deployments of free5GC using the AMF component may be affected. Pull request 43 of the free5gc/nas repo contains a fix. No direct workaround is available at the application level. Applying the official patch is recommended.

Analysis

Technical Context

Classified as CWE-129 (Improper Validation of Array Index). Affects Amf. free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Service. Remote unauthenticated attackers can crash the AMF service by sending a specially crafted NAS Registration Request with a malformed 5GS Mobile Identity, causing complete denial of service for the 5G core network. All deployments of free5GC using the AMF component may be affected. Pull request

Affected Products

Vendor: Free5Gc. Product: Amf.

Remediation

A vendor patch is available — apply it immediately. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +38

POC: +20

CVE-2025-69248 vulnerability details – vuln.today

Back

CVE-2025-69248

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-69248

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code