Free5GC is vulnerable to DoS through its Npcf_BDTPolicyControl POST API

GHSA-vgq7-9r5r-j9v3 · CVE-2025-60632 · GO-2025-4164

Published Nov 24, 2025 · Modified Dec 3, 2025

Description

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-60632
WEB https://github.com/free5gc/free5gc/issues/705
WEB https://github.com/free5gc/pcf/pull/53
WEB https://github.com/free5gc/free5gc
PACKAGE https://github.com/free5gc/pcf

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes