Unrated severityOSV Advisory· Published Dec 18, 2025· Updated Dec 19, 2025

CVE-2025-65559

Description

An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF crashes with a reachable assertion in lib/pfcp/context.c (ogs_pfcp_object_teid_hash_set) if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flag(s) (IPv4/IPv6) do not match the GTP-U resource family configured for the selected DNN (Network Instance), resulting in a denial of service.

Affected products

Open5gs/Open5gsOSV
Range: v0.1.0, v0.1.1, v0.2.0, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/open5gs/open5gs/issues/4135mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000