CVE-2025-60632

Published: Nov 24, 2025Modified: Dec 1, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.

Affected (2)

Products: Free5gc: Free5gc

Free5gc

1 product

Free5gc

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Free5gc Free5gc	Version 4.0.0
Free5gc Free5gc	Version 4.0.1

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (2)

https://github.com/free5gc/free5gc

Source: cve@mitre.org

Product

https://github.com/free5gc/free5gc/issues/705

Source: cve@mitre.org

Issue Tracking

Timeline

No history available yet.