How is CVE-2026-25658 exploited?

Network reachability (info): The attacker must be on an adjacent network (LAN, VPN, or equivalent broadcast domain) to reach the vulnerable PCG service; remote over-the-internet exploitation is not possible without prior network access. Authentication (not-required): No credentials or account are needed; the attacker can send the malformed messages anonymously. Victim interaction (not-required): No user action or interaction from a victim is required to trigger the vulnerability. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental prerequisites beyond adjacent-network access.

What is the impact of CVE-2026-25658?

Crashes the PCG service repeatedly, causing continuous availability loss for as long as the attack is sustained. Degrades packet core gateway throughput, disrupting connectivity for downstream network functions that depend on PCG. Forces repeated self-recovery cycles on the PCG host, consuming resources and increasing latency for legitimate traffic during each restart.

Back to search

HIGHCVE-2026-25658Published 2026-06-05Modified 2026-06-05CNA ERIC

CVE-2026-25658: Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: 1.30
Affected Products: 1

HarborGuard Analysis

Synopsis

An improper handling of missing values vulnerability (CWE-230) affects Ericsson Packet Core Gateway (PCG) versions prior to 1.30. An unauthenticated attacker on the same network segment can repeatedly send specially crafted messages to trigger service degradation, with the impact persisting for as long as the attack continues. Successful exploitation causes repeated crashes of the PCG service, though the system self-recovers once the attack stops. A patched-image rebuild at version 1.30 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection of CVE-2026-25658 is available across every HarborGuard environment, with the CVE matched against images in customer registries and CI/CD pipelines within minutes of publication. Coverage extends to custom-built images that bundle or derive from affected PCG versions prior to 1.30.

Available

Triage

HarborGuard is capable of scoring this CVE at 7.1 HIGH using the CVSS v4.0 vector and weighting findings against each customer environment's compliance policy. Triage routing directs the finding to the appropriate team inbox within each customer organization based on configured ownership rules.

Available

Patch

A patched-image rebuild at PCG version 1.30 becomes available on HarborGuard once the upstream fix is confirmed. For customers who opt into auto-remediation, HarborGuard can perform the rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Available

Exploit Conditions

Network reachabilityDetail
The attacker must be on an adjacent network (LAN, VPN, or equivalent broadcast domain) to reach the vulnerable PCG service; remote over-the-internet exploitation is not possible without prior network access.
AuthenticationNot required
No credentials or account are needed; the attacker can send the malformed messages anonymously.
Victim interactionNot required
No user action or interaction from a victim is required to trigger the vulnerability.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental prerequisites beyond adjacent-network access.

Blast Radius

Crashes the PCG service repeatedly, causing continuous availability loss for as long as the attack is sustained.
Degrades packet core gateway throughput, disrupting connectivity for downstream network functions that depend on PCG.
Forces repeated self-recovery cycles on the PCG host, consuming resources and increasing latency for legitimate traffic during each restart.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-25658 is active across all scanned environments, matching images running PCG versions below 1.30 against the advisory as soon as it was ingested. A patched-image rebuild at version 1.30 is available for environments where the affected image is present. For customers who opt into auto-remediation, HarborGuard can trigger the rebuild, execute regression tests, and open a pull request against affected workloads; for high-severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit auto-remediation, the finding is routed to the configured team inbox with the CVSS 7.1 HIGH score and fix-version detail so engineers can act manually. As a compensating control while the patch is being applied, network policy isolation restricting adjacent-network access to the PCG service can reduce the attack surface.

See how HarborGuard automates this

Fix available

1.30

Affected packages

Ericsson / Packet Core Gateway (PCG)
< 1.30 (from 0)

CVSS Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

ericsson.com

Metrics

Get notified

HarborGuard Analysis

Synopsis

HarborGuard Coverage

Exploit Conditions

Blast Radius

How HarborGuard Handles This

Fix available