Home / Vulnerability Intelligence / CVE-2025-69208

CVE-2025-69208 - Vulnerability Analysis

MediumCVSS: 5.3

Last Updated: February 25, 2026

free5GC UDR - Information Exposure

Published: February 23, 2026Updated: February 25, 2026PoC AvailableRemote Exploitable

Overview

free5GC UDR < 1.4.1 contains an improper error handling vulnerability caused by leaking internal parsing errors in the Nnef_PfdManagement service, letting remote attackers gain information exposure, exploit requires network access.

Severity & Score

Severity: Medium

CVSS Score: 5.3

Impact

Remote attackers can gain information about internal server errors, aiding fingerprinting and reconnaissance.

Mitigation

Update to version 1.4.1 or later.

References

https://github.com/free5gc/free5gc/issues/753
https://github.com/free5gc/free5gc/security/advisories/GHSA-f3pc-w7jp-4jh2
https://github.com/free5gc/udr/commit/91bb34bd96e1c89b3fddca80db8b90049da61ebb
https://github.com/free5gc/udr/pull/56

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-69208
Severity: Medium
CVSS Score: 5.3
Type: misconfiguration
Status: confirmed

CWE

CWE-209

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N