CVE-2026-25657

6.5 MEDIUM

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulne...

Published: 2026-06-05 · Last updated: 2026-06-08

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-228

Affected products

Vendor	Product
ericsson	packet_core_gateway

Description

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-25657
[Vendor advisory]https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25657

Related CVEs

Same vendor

CVE-2025-59174 — Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of speciall... (6.5 MEDIUM)
CVE-2026-25659 — Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an... (6.5 MEDIUM)
CVE-2026-25658 — Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an... (6.5 MEDIUM)

Same CWE

CVE-2025-59174 — Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of speciall... (6.5 MEDIUM)
CVE-2026-42100 — Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by se... (7.5 HIGH)