CVE-2025-63679

Published: Nov 12, 2025Modified: Dec 31, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF receives an UplinkRANConfigurationTransfer NGAP message from a gNB, the AMF process crashes.

Affected (1)

Products: Free5gc: Free5gc

Free5gc

1 product

Free5gc

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Free5gc Free5gc	Up to 4.1.0

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://gist.github.com/DDGod2025/5483d94b028d7a0c111ca23844e8a94d

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/free5gc/free5gc/issues/725

Source: cve@mitre.org

ExploitIssue Tracking

Timeline

No history available yet.