Skip to main content

Ericsson

Vendor security scorecard – 4 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 16
4
CVEs
0
Critical
4
High
0
KEV
0
PoC
0
Unpatched C/H
100.0%
Patch Rate
0.0%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
4
MEDIUM
0
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-25657 Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows an adjacent-network attacker to degrade service by continuously transmitting malformed messages that the gateway fails to parse safely. The condition causes recurring crashes that persist only while the attack is active, with automatic recovery once it stops, and no public exploit identified at time of analysis. HIGH 7.1 0.0% 36
CVE-2026-25658 Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows adjacent network attackers to degrade service availability by continuously transmitting specially crafted messages that trigger improper handling of missing values (CWE-230). The affected PCG nodes crash repeatedly under sustained attack but self-recover once traffic stops, so impact is transient yet operationally significant for mobile core networks. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV. HIGH 7.1 0.0% 36
CVE-2026-25659 Denial of service in Ericsson Packet Core Gateway (PCG) versions prior to 1.30 allows an adjacent-network attacker to degrade telecom packet core service by continuously sending a specially crafted message that triggers improper handling of missing values (CWE-230). The condition persists only while the attack is sustained - the system self-recovers once traffic stops - and no public exploit identified at time of analysis, but the CVSS 4.0 score of 7.1 reflects high availability impact on a carrier-grade network function. HIGH 7.1 0.0% 36
CVE-2025-59174 Denial-of-service in Ericsson Packet Core Controller (PCC) versions prior to 1.39 allows an adjacent-network attacker without credentials to degrade service by flooding the controller with specially crafted messages. The CVSS 4.0 score of 7.1 reflects high availability impact with no confidentiality or integrity loss; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. HIGH 7.1 0.0% 36

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy