CVE-2026-25657
MediumCVSS 6.5Summary
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure vulnerability, allowing an attacker to continuously send a specially crafted message, leading to service degradation.
Risk Assessment
An attacker can cause significant availability issues that will persist as long as the attack continues.
Recommendation
It is recommended to upgrade to version 1.30 or later to mitigate this vulnerability.
Original NVD description (English source)
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.

