PatchSiren cyber security CVE debrief
CVE-2026-25657 Ericsson CVE debrief
CVE-2026-25657 is a HIGH severity vulnerability in Ericsson Packet Core Gateway (PCG) versions prior to 1.30. An attacker can cause service degradation by continuously sending specially crafted messages. The impact persists as long as the attack continues, but the system recovers when the attack stops.
- Vendor
- Ericsson
- Product
- Packet Core Gateway
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-08
Who should care
Administrators and security teams responsible for Ericsson Packet Core Gateway (PCG) versions prior to 1.30 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by Improper Handling of Syntactically Invalid Structure (CWE-228). An attacker can exploit this vulnerability by continuously sending specially crafted messages, leading to service degradation.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to Ericsson Packet Core Gateway (PCG) version 1.30 or later.
- Implement network monitoring and intrusion detection to identify and block suspicious traffic.
- Restrict access to the Ericsson Packet Core Gateway (PCG) to only trusted sources.
Evidence notes
The CVE-2026-25657 vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt]. The CVSS score is 7.1, indicating a HIGH severity vulnerability.
Official resources
-
CVE-2026-25657 CVE record
CVE.org
-
CVE-2026-25657 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
85b1779b-6ecd-4f52-bcc5-73eac4659dcf - Vendor Advisory
CVE-2026-25657 was published on 2026-06-05T12:16:37.750Z and modified on 2026-06-08T14:21:47.350Z.