CVE-2025-29339

Published Apr 22, 2025

Last updated 7 days ago

CVSS high 7.5

Overview

Description
An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF (or via direct attack), triggering a fatal assertion check and causing a daemon crash.
Source
cve@mitre.org
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-617

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-29339 🔴 HIGH (7.5) 🏢 Unknown Vendor - Unknown Product 🏗️ Unknown Version 🔗 https://t.co/A7uZy5VU77 #CyberCron #VulnAlert #InfoSec https://t.co/8SRwQEY7My

    @cybercronai

    24 Apr 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-29339 Open5GS UPF Assertion Failure Vulnerability in PFCP Session Establishment Request https://t.co/TBq68dRtdO

    @VulmonFeeds

    23 Apr 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-29339 An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session E… https://t.co/N1vcNxKYpk

    @CVEnew

    22 Apr 2025

    349 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.