## https://sploitus.com/exploit?id=58A7C600-1F6A-5C06-A8E7-DEC113E22D0C
# CVE-2025-29632
Information about the vulnerability covered by CVE-2025-29632.
## Affected versions: 4.0.0 and previous versions


## When free5gc processes the InitialUEMessage, it only checks whether the `nASPDU` reference is nil (i.e., whether it is a null pointer), but does not verify whether the content of `nASPDU` is empty. As a result, an empty byte array is passed as the parameter when `nas_security.DecodePlainNasNoIntegrityCheck(nASPDU.Value)` is called during subsequent message parsing. In this function, accessing the NAS message security header fails because the value is empty, leading to an error and a crash in the AMF.
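The nil-only guard described above next to a guard that also validates length, as an added example that is not free5gc's code or its actual patch. `NASPDU`, `securityHeaderType`, `checkNilOnly`, `checkNilAndLength` and the error values are hypothetical names, the decoder is a simplified model, and the hardened guard goes slightly beyond the empty case by rejecting any payload shorter than the three leading octets of a plain 5GMM message.

```go
package main

import (
	"errors"
	"fmt"
)

// NASPDU is a hypothetical stand-in for the NGAP NAS-PDU IE, not free5gc's type.
type NASPDU struct{ Value []byte }
// Plain 5GMM header: extended protocol discriminator, security header type, message type.
const minPlainNASLen = 3

var (
	ErrMissingNASPDU = errors.New("NAS-PDU IE missing")
	ErrShortNASPDU   = errors.New("NAS-PDU too short")
)

// securityHeaderType models a decoder that trusts its input; payload[1] panics on an empty slice.
func securityHeaderType(payload []byte) uint8 { return payload[1] & 0x0f }

// checkNilOnly checks the pointer but not the content. The recover() exists only
// so this demo can report the panic; without it the process would terminate.
func checkNilOnly(pdu *NASPDU) (hdr uint8, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("decoder panicked: %v", r)
		}
	}()
	if pdu == nil {
		return 0, ErrMissingNASPDU
	}
	return securityHeaderType(pdu.Value), nil
}

// checkNilAndLength rejects empty or truncated payloads before any byte is indexed.
func checkNilAndLength(pdu *NASPDU) (uint8, error) {
	if pdu == nil {
		return 0, ErrMissingNASPDU
	}
	if len(pdu.Value) < minPlainNASLen {
		return 0, fmt.Errorf("%w: %d octets", ErrShortNASPDU, len(pdu.Value))
	}
	return securityHeaderType(pdu.Value), nil
}

func main() {
	empty := &NASPDU{Value: []byte{}} // constructed input: IE present, zero-length content
	fmt.Println(checkNilOnly(empty))
	fmt.Println(checkNilAndLength(empty))
}
```
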

### poc.py: an exploit script

### ngap.pcap is the traffic packet after the script is executed, containing the data sent by the script and the server's response

### free5gc.log is the log content of free5gc before and after the attack. The vulnerability was triggered at 00:48:15.913618097+08:00 on March 07, 2025, causing the AMF to crash