CVE-2025-15156 – omec-project UPF PFCP Session Establishment Request messages_session.go handleSessionEstablishmentRequest null pointer dereference

CVE ID : CVE-2025-15156

Published : Dec. 28, 2025, 10:02 p.m. | 21 minutes ago

Description : A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…