PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-25659 Ericsson CVE debrief

CVE-2026-25659 is a HIGH severity vulnerability in Ericsson's Packet Core Gateway (PCG). Versions prior to 1.30 are affected by an Improper Handling of Missing Values (CWE-230) vulnerability. An attacker can cause service degradation by continuously sending specially crafted messages. The impact persists as long as the attack continues, but the system recovers when the attack stops. The CVSS score for this vulnerability is 7.1.

Vendor
Ericsson
Product
Packet Core Gateway
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-05
Original CVE updated
2026-06-08
Advisory published
2026-06-05
Advisory updated
2026-06-08

Who should care

Administrators and security teams responsible for Ericsson Packet Core Gateway (PCG) versions prior to 1.30 should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability exists in Ericsson Packet Core Gateway (PCG) versions prior to 1.30. It is caused by improper handling of missing values, which allows an attacker to cause service degradation by sending specially crafted messages.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to version 1.30 or later of Ericsson Packet Core Gateway (PCG).
  • Implement network traffic monitoring and filtering to prevent specially crafted messages from reaching the system.
  • Refer to the vendor advisory for more information and mitigation strategies: [ref-4](https://www.ericsson.com/en/about-us/security/psirt/cve-2026-25659)

Evidence notes

The CVE record [cve-org] and NVD detail [nvd] provide official information about the vulnerability. The vendor advisory [ref-4] offers mitigation strategies and more details.

Official resources

CVE-2026-25659 was published on 2026-06-05T12:16:38.050Z and modified on 2026-06-08T14:22:28.120Z.