VYPR

UDM

by Free5gc

Source repositories

CVEs (5)

  • CVE-2023-46324HigOct 23, 2023
    risk 0.42cvss 7.5epss 0.00

    pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt…

  • CVE-2026-27642Feb 24, 2026
    risk 0.00cvss epss 0.01

    free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the supi parameter, triggering internal URL…

  • CVE-2025-69252Feb 23, 2026
    risk 0.00cvss epss 0.01

    free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic…

  • CVE-2025-69251Feb 23, 2026
    risk 0.00cvss epss 0.00

    free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the ueId parameter, triggering internal URL…

  • CVE-2025-69250Feb 23, 2026
    risk 0.00cvss epss 0.00

    free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages (e.g., strconv.ParseInt parsing errors) to…

VYPR — Vulnerability Intelligence