CVE-2025-60632: Free5GC is vulnerable to DoS through its Npcf_BDTPolicyControl POST API

November 24, 2025 (updated November 25, 2025)

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.

References

github.com/advisories/GHSA-vgq7-9r5r-j9v3
github.com/free5gc/free5gc
github.com/free5gc/free5gc/issues/705
github.com/free5gc/pcf
github.com/free5gc/pcf/pull/53
nvd.nist.gov/vuln/detail/CVE-2025-60632

Code Behaviors & Features

Detect and mitigate CVE-2025-60632 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →