Critical severityOSV Advisory· Published Jan 23, 2026· Updated Jan 23, 2026
CVE-2025-66719
CVE-2025-66719
Description
An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access token with any arbitrary scope.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/free5gc/nrfGo | < 1.4.1 | 1.4.1 |
Affected products
2Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.