CVE-2025-60632 — Vulnetix

CVE-2025-60632 PUBLISHED CVSS 6.5 MEDIUM

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.

EPSS 0.03% · 9.6th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.03%

9.6th percentile

Affected Products

Vendor	Product	Versions
free5gc	free5gc	4.0.1, 4.0.0
n/a	n/a	*
github.com	free5gc/pcf	0

Timeline

Nov 24, 2025 CVE Published
Nov 24, 2025 PoC Published
Nov 25, 2025 CVE Updated
Nov 25, 2025 EPSS Score
Nov 30, 2025 EPSS Score
Dec 4, 2025 EPSS Score
Dec 9, 2025 EPSS Score
Dec 14, 2025 EPSS Score
Dec 18, 2025 EPSS Score
Dec 23, 2025 EPSS Score
Dec 28, 2025 EPSS Score
Jan 1, 2026 EPSS Score

References

https://github.com/free5gc/free5gc url
https://github.com/free5gc/free5gc/issues/705 url
https://nvd.nist.gov/vuln/detail/CVE-2025-60632 advisory
https://github.com/free5gc/pcf/pull/53 url
https://github.com/free5gc/pcf package

Open in Interactive Console →