CVE-2025-29339

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Apr 22, 2025

Updated: Apr 23, 2025

CWE ID 617

Summary

CVE-2025-29339 is a vulnerability affecting Open5GS UPF versions up to v2.7.2. It involves an assertion failure in the UPF's PFCP session parameter validation process. When processing a PFCP Session Establishment Request with an incorrect PDN Type value of 0, the UPF fails to handle this invalid input, leading to a fatal assertion check and resulting in a daemon crash. This issue can potentially be exploited through direct attacks or via SMF, posing a significant risk to affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/4OExNz
https://www.cve.org/CVERecord?id=CVE-2025-29339
https://nvd.nist.gov/vuln/detail/CVE-2025-29339

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-29339

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations