CVE-2025-60633
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API in github.com/free5gc/openapi
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/free5gc/udm | <=1.4.0 | |
| Go | github.com/free5gc/openapi | <1.2.2 | 1.2.2 |
| Go | github.com/free5gc/udm | | |
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-60633
- https://github.com/free5gc/free5gc/issues/700
- https://github.com/free5gc/free5gc/issues/701
- https://github.com/free5gc/free5gc/issues/702
- https://github.com/free5gc/free5gc/issues/703
- https://github.com/free5gc/openapi/pull/65
- https://github.com/free5gc/udm/pull/63
- https://github.com/free5gc/udm/pull/65
- https://github.com/free5gc/udm/pull/66
- https://github.com/free5gc/openapi/commit/d50c83e8fe7ebf9a62d9de99517e21a17f627b52
- https://github.com/free5gc/udm/commit/57c56a3ad4bc53a62cab259045e78ec9abdb98ca
- https://github.com/free5gc/udm/commit/ca9976857909a422dcff5bf2228756fc2bfc80d1
- https://github.com/free5gc/udm/commit/e776c42177817f75e75e7a587c58c2a027beed81
- https://github.com/advisories/GHSA-3j9f-7w24-pcqg
- https://github.com/free5gc/pcf
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.