CVE-2025-29339
Severity CVSS v4.0: 
            Pending analysis
                                                    Type: 
          
                        Unavailable / Other
          
        Publication date: 
                          22/04/2025
                  Last modified: 
                          19/06/2025
                  Description
An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF (or via direct attack), triggering a fatal assertion check and causing a daemon crash.
              Impact
Base Score 3.x
          7.50
        Severity 3.x
          HIGH
        Vulnerable products and versions
| CPE | From | Up to | 
|---|---|---|
| cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:* | 2.7.2 (including) | 
To consult the complete list of CPE names with products and versions, see this page



