PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-59174 Ericsson CVE debrief

CVE-2025-59174 is a HIGH severity vulnerability in Ericsson's Packet Core Controller (PCC). Versions prior to 1.39 are affected. An attacker can cause service degradation by sending a large volume of specially crafted messages. The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2025-59174) on 2026-06-05 and last modified on 2026-06-08. For more information, see the [NVD detail page](https://nvd.nist.gov/vuln/detail/CVE-2025-59174). Ericsson provides mitigation details on their [Vendor Advisory](https://ericsson.com/en/about-us/security/psirt/CVE-2025-59174) page.

Vendor
Ericsson
Product
Packet Core Controller
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-05
Original CVE updated
2026-06-08
Advisory published
2026-06-05
Advisory updated
2026-06-08

Who should care

Administrators and security teams responsible for Ericsson Packet Core Controller (PCC) versions prior to 1.39 should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability has a CVSS score of 7.1 and is classified as CWE-228. It can be exploited by sending a large volume of specially crafted messages, potentially causing service degradation.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to Ericsson Packet Core Controller version 1.39 or later.
  • Implement network traffic monitoring and filtering to detect and prevent suspicious message volumes.
  • Review and update incident response plans to address potential service degradation scenarios.

Evidence notes

The information provided is based on data from official sources, including CVE.org and NVD.

Official resources

CVE-2025-59174 was published on 2026-06-05 and last modified on 2026-06-08.