CVE-2025-60638 — Vulnetix

CVE-2025-60638 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.

EPSS 0.15% · 35.4th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.15%

35.4th percentile

Affected Products

Vendor	Product	Versions
free5gc	free5gc	4.0.0, 4.0.1
n/a	n/a	n/a
github.com	free5gc/nssf	0

Timeline

Nov 24, 2025 CVE Published
Nov 24, 2025 PoC Published
Nov 24, 2025 CVE Updated
Nov 25, 2025 EPSS Score
Nov 30, 2025 EPSS Score
Dec 4, 2025 EPSS Score
Dec 9, 2025 EPSS Score
Dec 14, 2025 EPSS Score
Dec 18, 2025 EPSS Score
Dec 23, 2025 EPSS Score
Dec 28, 2025 EPSS Score
Jan 1, 2026 EPSS Score

References

https://github.com/free5gc/free5gc url
https://github.com/free5gc/free5gc/issues/704 url
https://nvd.nist.gov/vuln/detail/CVE-2025-60638 advisory
https://github.com/free5gc/nssf/commit/66fc727a894fa821fde14030346b18de69192204 url
https://github.com/free5gc/nssf package

Open in Interactive Console →