PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-25658 Ericsson CVE debrief

CVE-2026-25658 is a HIGH-severity vulnerability in Ericsson's Packet Core Gateway (PCG) versions prior to 1.30. The issue is an Improper Handling of Missing Values (CWE-230) that can cause service degradation when an attacker continuously sends specially crafted messages. The impact persists as long as the attack continues but the system recovers once the attack stops.

Vendor
Ericsson
Product
Packet Core Gateway
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-05
Original CVE updated
2026-06-08
Advisory published
2026-06-05
Advisory updated
2026-06-08

Who should care

Administrators and security teams responsible for Ericsson Packet Core Gateway systems should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability exists in Ericsson Packet Core Gateway (PCG) versions prior to 1.30. An attacker can exploit this Improper Handling of Missing Values (CWE-230) vulnerability by continuously sending specially crafted messages, leading to service degradation. The system recovers when the attack stops.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to Ericsson Packet Core Gateway version 1.30 or later.
  • Implement network monitoring to detect and block suspicious traffic.
  • Follow Ericsson's official guidance on mitigating this vulnerability, available at [ref-4](https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25658).

Evidence notes

The CVE-2026-25658 details were obtained from the official CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-25658) and NVD [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-25658).

Official resources

CVE-2026-25658 was published on 2026-06-05T12:16:37.907Z and modified on 2026-06-08T14:22:16.540Z.