CVE-2025-66719

Published: Jan 23, 2026

Modified: Jan 23, 2026

PUBLISHED

Description

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access token with any arbitrary scope.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/free5gc/free5gc/issues/736

https://github.com/free5gc/nrf/pull/73

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-66719

Description

Affected Products

References