Skip to main content

Udm

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-27642 HIGH POC PATCH This Week

Remote attackers can inject control characters into the SUPI parameter of free5GC UDM versions up to 1.4.1, causing URL parsing failures that leak sensitive system error details and enable service fingerprinting. Public exploit code exists for this vulnerability affecting the Nudm_UEAU service across all vulnerable deployments. A patch is available and should be applied immediately, as no application-level workaround exists.

Code Injection Udm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69252 HIGH POC PATCH This Week

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. [CVSS 7.5 HIGH]

Denial Of Service Null Pointer Dereference Udm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-69251 MEDIUM POC PATCH This Month

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. [CVSS 5.3 MEDIUM]

Code Injection Udm
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-69250 HIGH POC PATCH This Week

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. [CVSS 7.5 HIGH]

Code Injection Udm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27642
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Remote attackers can inject control characters into the SUPI parameter of free5GC UDM versions up to 1.4.1, causing URL parsing failures that leak sensitive system error details and enable service fingerprinting. Public exploit code exists for this vulnerability affecting the Nudm_UEAU service across all vulnerable deployments. A patch is available and should be applied immediately, as no application-level workaround exists.

Code Injection Udm
NVD GitHub
CVE-2025-69252
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. [CVSS 7.5 HIGH]

Denial Of Service Null Pointer Dereference Udm
NVD GitHub
CVE-2025-69251
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. [CVSS 5.3 MEDIUM]

Code Injection Udm
NVD GitHub
CVE-2025-69250
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. [CVSS 7.5 HIGH]

Code Injection Udm
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy