Description
Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.
Published: 2026-06-05
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Ericsson Packet Core Controller versions earlier than 1.39 are affected by a vulnerability that allows an attacker to send a large volume of specially crafted messages, resulting in service degradation. The weakness can overwhelm the controller, leading to reduced performance or temporary unavailability of network functions. The flaw is classed as CWE-228 (Improper Handling of Syntactically Invalid Structure), so the weakness lies in how the controller handles the crafted messages, and the volume of such messages is what produces the degradation. The outcome is denial or degradation of service rather than data loss or code execution.

Affected Systems

The affected system is Ericsson Packet Core Controller (PCC) running any version lower than 1.39. All PCC deployments that have not been upgraded to version 1.39 or later are susceptible to the described volume-based exploitation.

Risk and Exploitability

The CVSS v4.0 score of 7.1 indicates a high-severity flaw (the CVSS v3.1 score on this record is 6.5). No EPSS score is available, so there is no estimate of exploitation likelihood. The vulnerability is not listed in CISA KEV, suggesting no pervasive exploitation has been documented yet, but its impact on availability is significant. Both CVSS vectors on this record give the attack vector as adjacent network (AV:A), with low attack complexity and no privileges or user interaction required (AC:L/PR:N/UI:N). An adversary on an adjacent network who can send crafted messages to the PCC in volume can trigger the degradation without further privilege. Confidentiality and integrity are rated as not impacted; only availability is affected.

Generated by OpenCVE AI on June 5, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ericsson Packet Core Controller to version 1.39 or later; the description lists only versions prior to 1.39 as affected.
  • If an immediate upgrade is not feasible, isolate the PCC by applying network segmentation and enforce strict access controls to limit the number of peers that can send traffic to the controller.
  • Implement rate limiting or throttling on the message ingress paths to the PCC to prevent excessive traffic from overwhelming the system until a patch can be applied.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 15:45:00 +0000

Values added:
Title: Service Degradation from Excessive Message Volume in Ericsson Packet Core Controller
First Time appeared: Ericsson; Ericsson packet Core Controller
Vendors & Products: Ericsson; Ericsson packet Core Controller

Fri, 05 Jun 2026 14:45:00 +0000

Values added:
Description: Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.
Weaknesses: CWE-228
References:
Metrics:
cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: ERIC

Published:

Updated: 2026-06-05T13:44:39.149Z

Reserved: 2025-09-10T13:24:49.360Z

Link: CVE-2025-59174

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-05T15:16:40.560

Modified: 2026-06-05T15:56:37.130

Link: CVE-2025-59174

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T15:30:13Z

Weaknesses