Description
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
Published: 2026-06-05
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper handling of syntactically invalid structures (CWE-228) in Ericsson Packet Core Gateway (PCG). By continuously sending specially crafted messages, an attacker can trigger resource exhaustion or processing delays, resulting in a degradation of service that persists only while the attack continues. The system recovers after the attack stops, so the impact is a temporary denial of service rather than a crash or data loss.

Affected Systems

All Ericsson Packet Core Gateway (PCG) implementations with firmware versions earlier than 1.30 are affected.

Risk and Exploitability

The CVSS score of 7.1 indicates a moderate to high severity. With no EPSS data and no listing in the CISA KEV catalog, the likelihood of exploitation is uncertain. The likely attack vector is inferred from the description: an attacker must maintain continuous network access to send malformed protocol messages that trigger the improper handling. Because the attacker must maintain continuous traffic to sustain degradation, the window of opportunity requires persistent network access, yet the impact can be significant for network uptime.

Generated by OpenCVE AI on June 5, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the PCG firmware to version 1.30 or later, which contains the patch that addresses the invalid structure handling issue.
  • Configure network security appliances or firewalls to detect, rate‑limit, or block sustained malformed or protocol‑violating traffic targeting the PCG.
  • Deploy continuous monitoring of PCG performance metrics and logs to detect abnormal latency or packet patterns that may indicate an ongoing attack.

Generated by OpenCVE AI on June 5, 2026 at 12:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Description Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
Title Ericsson Packet Core Gateway (PCG) - Improper Handling of Syntactically Invalid Structure Vulnerability
Weaknesses CWE-228
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: ERIC

Published:

Updated: 2026-06-05T11:03:02.273Z

Reserved: 2026-02-04T12:41:54.869Z

Link: CVE-2026-25657

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-05T12:16:37.750

Modified: 2026-06-05T12:16:37.750

Link: CVE-2026-25657

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T13:00:14Z

Weaknesses