A critical authentication bypass in the free5GC SMF component allows an unauthenticated network attacker to perform unauthorized management operations on the 5G core network.

The vulnerability stems from the SMF component mounting UPI management route groups without required OAuth2/bearer-token authorization middleware. This allows an unauthenticated attacker with network access to the Service-Based Architecture (SBI) to interact directly with UPI endpoints.

The CVSS score of 10.0 signifies the highest level of risk, as it allows for unauthorized control over critical 5G network management functions. Exploitation could lead to severe network disruption, interception of communication, or total manipulation of user plane nodes, causing catastrophic service outages.

Immediate Action: Update free5GC SMF to version 4.2.2 or later to implement required authorization middleware.

Proactive Monitoring: Audit network logs for unauthorized access attempts or suspicious traffic patterns directed at SBI endpoints and UPI management routes.

Compensating Controls: Implement strict network micro-segmentation to ensure only authorized components can communicate with the SMF service, effectively isolating it from untrusted network segments.

Public Exploit Available: Yes

This vulnerability is exceptionally severe due to the lack of any authentication requirements. Organizations utilizing free5GC must prioritize the update to version 4.2.2 to close this critical security gap and prevent unauthorized manipulation of core network infrastructure.