How is CVE-2026-25659 exploited?

Network reachability (info): The attacker must be on an adjacent network such as a LAN or VPN segment; remote over-the-internet exploitation is not possible without first gaining access to that adjacent network. Authentication (not-required): No credentials or account of any privilege level are needed to send the malformed messages. Victim interaction (not-required): The attacker sends crafted messages directly to the service; no user action or social engineering is required. Attack complexity (info): The exploit is reliable and condition-free; no race conditions, specific memory layouts, or other environmental factors need to be arranged.

What is the impact of CVE-2026-25659?

The affected PCG service crashes repeatedly for as long as the attack continues, disrupting packet core gateway availability. Network traffic processed by the PCG is dropped or undeliverable during each crash cycle, affecting dependent workloads and connected sessions. No confidentiality or data-integrity impact is present; the attacker cannot read or modify stored data through this vulnerability. Service recovers automatically once the attacker stops sending malformed messages, but sustained attacks cause prolonged outage windows.

Back to search

HIGHCVE-2026-25659Published 2026-06-05Modified 2026-06-05CNA ERIC

CVE-2026-25659: Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability

Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.

CVSS v4.0: 7.1
Severity: HIGH
Fixed in: 1.30
Affected Products: 1

HarborGuard Analysis

Synopsis

An improper handling of missing values vulnerability (CWE-230) affects Ericsson Packet Core Gateway (PCG) versions prior to 1.30. An unauthenticated attacker on the same network segment can continuously send specially crafted messages to cause repeated service crashes and sustained degradation; the service recovers once the attack stops, but availability is impaired for its duration. A patched-image rebuild at version 1.30 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images derived from affected PCG base layers.

Available

Triage

HarborGuard is capable of scoring this finding at CVSS 7.1 (HIGH) and weighting it against each environment's compliance policy to surface it to the appropriate team inbox within each customer organization.

Available

Patch

A patched-image rebuild at PCG version 1.30 is available for any environment where an affected version is detected. For customers who opt into auto-remediation, HarborGuard can trigger the rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Available

Exploit Conditions

Network reachabilityDetail
The attacker must be on an adjacent network such as a LAN or VPN segment; remote over-the-internet exploitation is not possible without first gaining access to that adjacent network.
AuthenticationNot required
No credentials or account of any privilege level are needed to send the malformed messages.
Victim interactionNot required
The attacker sends crafted messages directly to the service; no user action or social engineering is required.
Attack complexityDetail
The exploit is reliable and condition-free; no race conditions, specific memory layouts, or other environmental factors need to be arranged.

Blast Radius

The affected PCG service crashes repeatedly for as long as the attack continues, disrupting packet core gateway availability.
Network traffic processed by the PCG is dropped or undeliverable during each crash cycle, affecting dependent workloads and connected sessions.
No confidentiality or data-integrity impact is present; the attacker cannot read or modify stored data through this vulnerability.
Service recovers automatically once the attacker stops sending malformed messages, but sustained attacks cause prolonged outage windows.

How HarborGuard Handles This

Available on HarborGuard: detection against this CVE is active across connected registries and pipelines, with findings scored at CVSS 7.1 HIGH and routed according to each environment's compliance policy. Where a customer's images include Ericsson PCG prior to version 1.30, a rebuilt image at the fixed version 1.30 is available. For customers who opt into auto-remediation, HarborGuard can execute the rebuild, run regression tests, and open a PR against affected workloads; for high-severity issues, median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation enabled. Because this vulnerability requires adjacent-network access, customers who cannot immediately patch should consider network-policy controls that restrict which hosts can reach PCG service ports, limiting the pool of potential attackers while the upgrade is scheduled.

See how HarborGuard automates this

Fix available

1.30

Affected packages

Ericsson / Packet Core Gateway (PCG)
< 1.30 (from 0)

CVSS Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

ericsson.com

Metrics

Get notified

HarborGuard Analysis

Synopsis

HarborGuard Coverage

Exploit Conditions

Blast Radius

How HarborGuard Handles This

Fix available