Impact
The free5GC UDM component contains an input validation flaw affecting the supi path parameter in six GET handlers of the nudm-sdm service. An attacker who can send requests to these endpoints can inject control characters that subvert normal processing, causing UDM to forward a malformed request to the UDR service. The resulting 500 Internal Server Error response reveals internal infrastructure details, providing an attacker with sensitive information. This flaw is identified as CWE‑20 and CWE‑209 and can lead to confidentiality compromise or denial of service through repeated malformed requests.
Affected Systems
The vulnerability is present in the free5gc:free5gc product prior to version 4.2.2. Systems running free5GC UDM versions earlier than 4.2.2 are affected, regardless of deployment platform. The problem was fixed in release 4.2.2; newer releases are not known to be affected.
Risk and Exploitability
The CVSS score of 7.7 indicates high severity. No EPSS score is publicly available, so the current exploitation probability is unknown but likely low to moderate until a public exploit emerges. The vulnerability is not listed in CISA’s KEV catalog, reducing the chance of widespread exploitation by state-sponsored actors at present. However, an unauthenticated attacker could remotely send crafted GET requests to the exposed nudm-sdm endpoints, potentially causing repeated 500 errors and leaking internal data. In the absence of official mitigation details, administrators should treat this as a high‑risk issue.
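The two weaknesses described under Impact (CWE-20 on the supi path parameter, CWE-209 in the 500 response) map to two checks in a handler, shown here in Go as an added example; it is not the free5GC patch or code from the project. The names `ValidateSUPI` and `ClientResponse`, the IMSI-only allow-list, and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"regexp"
)

// Assumption: only IMSI-based SUPIs ("imsi-" plus 5 to 15 digits) are accepted.
// Go's `$` matches only at end of text, so a trailing newline cannot slip through.
var imsiSUPI = regexp.MustCompile(`^imsi-[0-9]{5,15}$`)

var ErrInvalidSUPI = errors.New("invalid supi")

// ValidateSUPI decodes the raw path segment and applies the allow-list
// before the value is used to build any downstream request.
func ValidateSUPI(rawSegment string) (string, error) {
	supi, err := url.PathUnescape(rawSegment)
	if err != nil || !imsiSUPI.MatchString(supi) {
		return "", ErrInvalidSUPI
	}
	return supi, nil
}

// ClientResponse maps an internal error to what the caller may see.
// Upstream error text belongs in server logs, never in the response body.
func ClientResponse(err error) (int, string) {
	if errors.Is(err, ErrInvalidSUPI) {
		return http.StatusBadRequest, "malformed supi"
	}
	return http.StatusInternalServerError, "internal error"
}

func main() {
	// Constructed inputs: one well-formed SUPI and three malformed ones.
	for _, seg := range []string{"imsi-208930000000001", "imsi-208930000000001%0d%0a", "imsi-20893%00", "imsi-%zz"} {
		if _, err := ValidateSUPI(seg); err != nil {
			code, detail := ClientResponse(err)
			fmt.Printf("%q -> %d %s\n", seg, code, detail)
			continue
		}
		fmt.Printf("%q -> forwarded\n", seg)
	}
}
```

Rejecting the value with a 400 at the edge means a malformed supi never reaches the request sent to UDR, and the generic 500 body keeps upstream failure details out of the response.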