Bridging individuals with technology thru innovative solutions & delivery of excellence in  service.

G360-Expanded

Zero Trust Lessons | 5G Cloud Core Security Assessment

July 7, 2025


Written by Taha Sajid, Founder and Principal Security Architect, Xecurity Pulse.

 

What happens when the core of a cutting-edge 5G network trusts too much? A single weak link can unravel even the most sophisticated systems.

As telecom networks embrace cloud-native architectures to power 5G, the importance of Zero Trust principles has never been greater. Yet, even the most modern deployments can fall prey to overlooked vulnerabilities. A recent security assessment of a Free5GC-based 5G core network hosted on Kubernetes in a public cloud offers a cautionary tale — and valuable lessons for anyone building or securing critical communications infrastructure.

Our assessment revealed multiple high-impact vulnerabilities spanning the application, container orchestration, and cloud infrastructure layers. Each weakness not only undermined the network’s confidentiality and integrity but also demonstrated how quickly trust assumptions can break down without a Zero-Trust mindset.

 

Rogue Network Function Registration: The Front Door Left Open

In 5G core networks, the Network Repository Function (NRF) plays a central role: every Network Function (NF) registers its profile with the NRF, and other NFs query the NRF to discover whom to talk to. We discovered that the NRF was accepting NF registration and deregistration requests over plaintext HTTP without authenticating the caller (neither TLS client certificates nor OAuth2 access tokens, the two mechanisms 3GPP defines for the service-based interface). Any host that could reach the NRF could therefore register a rogue NF that legitimate functions would then discover and send traffic to, or deregister a critical function outright. That opens the door to service disruption and to advanced attacks such as man-in-the-middle interception of control-plane traffic.
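The finding above can be verified with a short probe that does exactly what a legitimate NF does, but with no credentials: it registers a throw-away NF instance via the Nnrf_NFManagement API and then deregisters it. The following is an added example written for this article, not code from the assessment or from the free5GC project; the NRF address, the test profile values, and the injected `send` transport are assumptions, and the probe speaks HTTP/1.1, which it assumes the NRF accepts.

```python
"""Added example: probe whether an NRF's Nnrf_NFManagement endpoint accepts
NF registration and deregistration without any credentials.
The NRF address and the injected transport are assumptions for this example."""
import json
import urllib.error
import urllib.request
import uuid

# Resource path for one NF instance, per 3GPP TS 29.510 (Nnrf_NFManagement).
NF_INSTANCE_PATH = "/nnrf-nfm/v1/nf-instances/{nf_instance_id}"


def build_probe_profile(nf_instance_id, nf_type="AUSF", ipv4="10.0.0.250"):
    """Minimal NFProfile for a throw-away test instance. nfType and the
    address are constructed values; a real rogue NF would advertise a type
    and services that consumers actually look up (e.g. AUSF, UDM)."""
    return {
        "nfInstanceId": nf_instance_id,
        "nfType": nf_type,
        "nfStatus": "REGISTERED",
        "ipv4Addresses": [ipv4],
        "priority": 0,        # lowest value is preferred during NF selection
        "nfServices": [],
    }


def probe_nrf_unauthenticated(base_url, send):
    """Try PUT (register) then DELETE (deregister) with no TLS client cert
    and no OAuth2 token. `send(method, url, body, headers)` must return
    (status_code, response_text); it is injected so the same probe runs
    against a live NRF (urllib_send below) or a fake transport in tests."""
    nf_id = str(uuid.uuid4())                       # fresh id: never collides with a real NF
    url = base_url.rstrip("/") + NF_INSTANCE_PATH.format(nf_instance_id=nf_id)
    headers = {"Content-Type": "application/json"}  # deliberately no Authorization header

    reg_status, _ = send("PUT", url, build_probe_profile(nf_id), headers)
    registered = reg_status in (200, 201)

    dereg_status, deregistered = None, False
    if registered:
        # Remove our own instance. If this succeeds too, the same request
        # could deregister a production AMF/SMF/UDM and cause an outage.
        dereg_status, _ = send("DELETE", url, None, headers)
        deregistered = dereg_status == 204

    return {
        "plaintext_http": base_url.startswith("http://"),
        "nf_instance_id": nf_id,
        "register_status": reg_status,
        "unauthenticated_registration": registered,
        "deregister_status": dereg_status,
        "unauthenticated_deregistration": deregistered,
        "severity": "HIGH" if registered else "none",
    }


def urllib_send(method, url, body, headers):
    """Standard-library transport for a live run (not exercised by the tests)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


if __name__ == "__main__":
    # Assumed NRF SBI address for this example (plain HTTP, as in the finding).
    print(json.dumps(probe_nrf_unauthenticated("http://127.0.0.10:8000", urllib_send), indent=2))
```

A hardened NRF answers the PUT with 401 or 403 (or refuses the TLS handshake without a client certificate), so `unauthenticated_registration` comes back false; run the probe from outside the NRF's namespace as well, because reachability from an unexpected network position is part of the finding.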

 

Default Credentials: The Unseen Backdoor

Default credentials remain one of the simplest, yet most devastating, oversights in security. The Free5GC WebUI was still using the stock admin/admin login, and the MongoDB instance behind the core, which holds the subscriber database, lacked any meaningful access control, so anyone who could reach it had full access to sensitive subscriber data. These issues highlight a key Zero Trust tenet: trust must never be granted by default. Systems should enforce strong, unique credentials and apply the principle of least privilege at every layer.

 

Kubernetes Misconfigurations: Trust Boundaries Eroded

The Kubernetes control plane presented further challenges. Overly permissive RBAC (Role-Based Access Control) roles gave workloads far more API access than they needed, and service accounts with excessive permissions could interact with the core 5G functions. Because every pod carries its service-account token, an attacker who compromised one pod could use that token against the Kubernetes API to read secrets, exec into other pods, or schedule new ones, making lateral movement across the cluster trivial. This serves as a reminder that Zero Trust isn't just about authentication; it also requires rigorous authorization controls.
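The RBAC patterns behind this finding (wildcard rules, and privileged roles bound to a namespace's `default` service account or to broad groups) are easy to miss when reading manifests by hand. The following is an added example, not code from the assessment or from any project mentioned here: a small auditor over RBAC objects in the shape that `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json` returns under `.items`. The sample manifests are constructed for the example; the first pair reproduces the over-permissive pattern, the second pair shows the least-privilege shape to aim for.

```python
"""Added example: flag the RBAC patterns described above (wildcard rules,
privileged roles bound to default service accounts or to broad groups).
Input objects have the same shape as the .items of
`kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`;
the manifests below are constructed for the example."""

BUILTIN_ADMIN = {"cluster-admin", "admin", "edit"}
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}
# (resource, verb) pairs that turn API access into code execution or secret theft.
SENSITIVE = {("secrets", "get"), ("secrets", "list"), ("pods/exec", "create"),
             ("pods", "create"), ("serviceaccounts/token", "create")}


def rule_issues(rule):
    """Issues for one PolicyRule; a wildcard on both axes is cluster-admin."""
    verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
    if "*" in verbs and "*" in resources:
        return ["wildcard verbs on wildcard resources (cluster-admin equivalent)"]
    issues = ["wildcard verb or resource"] if ("*" in verbs or "*" in resources) else []
    for res, verb in sorted(SENSITIVE):
        if ({res, "*"} & resources) and ({verb, "*"} & verbs):
            issues.append(f"{verb} on {res}")
    return issues


def audit_rbac(objects):
    """Return (object, subject, issue) triples. Role-level issues carry subject '-'."""
    roles = {(o["kind"], o["metadata"].get("namespace", ""), o["metadata"]["name"]): o.get("rules", [])
             for o in objects if o["kind"] in ("Role", "ClusterRole")}
    findings = []
    for (kind, ns, name), rules in roles.items():
        for issue in (i for r in rules for i in rule_issues(r)):
            findings.append((f"{kind}/{ns + '/' if ns else ''}{name}", "-", issue))

    for o in objects:
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref, ns = o["roleRef"], o["metadata"].get("namespace", "")
        # A RoleBinding may reference a ClusterRole; only a Role is namespaced.
        rules = roles.get((ref["kind"], ns if ref["kind"] == "Role" else "", ref["name"]), [])
        risky = ref["name"] in BUILTIN_ADMIN or any(rule_issues(r) for r in rules)
        if not risky:
            continue
        obj = f"{o['kind']}/{o['metadata']['name']}"
        for s in o.get("subjects", []):
            subject = f"{s['kind']}:{s.get('namespace', '')}/{s['name']}"
            if s["kind"] == "ServiceAccount" and s["name"] == "default":
                findings.append((obj, subject, f"{ref['name']} bound to the default ServiceAccount (every pod in the namespace inherits it)"))
            elif s["kind"] == "Group" and s["name"] in BROAD_GROUPS:
                findings.append((obj, subject, f"{ref['name']} bound to the broad group {s['name']}"))
            elif o["kind"] == "ClusterRoleBinding":
                findings.append((obj, subject, f"{ref['name']} granted cluster-wide"))
            else:
                findings.append((obj, subject, f"bound to over-permissive role {ref['name']}"))
    return findings


# Constructed manifests: the first two reproduce "every pod in the namespace is
# cluster-admin"; the last two are the least-privilege shape to aim for.
SAMPLE_OBJECTS = [
    {"kind": "ClusterRole", "metadata": {"name": "core-nf-access"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "core-nf-access-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "core-nf-access"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "free5gc"}]},
    {"kind": "Role", "metadata": {"name": "amf-config-reader", "namespace": "free5gc"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get"],
                "resourceNames": ["amf-config"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "amf-config-reader-binding", "namespace": "free5gc"},
     "roleRef": {"kind": "Role", "name": "amf-config-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "amf", "namespace": "free5gc"}]},
]


def sample_findings():
    return audit_rbac(SAMPLE_OBJECTS)


if __name__ == "__main__":
    for obj, subject, issue in sample_findings():
        print(f"{obj:45} {subject:35} {issue}")
```

The auditor is deliberately static: it reports what the RBAC objects grant, not whether a given pod can actually reach the API. Pair it with `kubectl auth can-i --list --as=system:serviceaccount:<ns>:<sa>` for the effective view, and treat a `default` service account with any binding at all as a finding, since it is mounted into every pod that does not set `automountServiceAccountToken: false`.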

 

Cloud Weaknesses: Eroding the Infrastructure Perimeter

The host and cloud environment revealed additional gaps: unrestricted sudo access, exposed secrets, weak system passwords, and the use of IMDSv1, the session-less version of the cloud Instance Metadata Service. IMDSv1 answers any plain GET from the instance, so an SSRF bug in a web-facing component or a compromised pod on the node can read instance metadata, including the credentials of the instance's IAM role, with a single request. These issues amplify the risk of privilege escalation, persistent backdoors, and data exfiltration. Adopting Zero Trust in cloud environments demands hardening the base infrastructure, not just the application layer.
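Two checks cover the IMDSv1 finding from both sides: one run from inside a pod or on the host, asking whether the metadata service answers a token-less request, and one run from the cloud account, reading `aws ec2 describe-instances` output for nodes that still allow IMDSv1. The following is an added example, not code from the assessment; the injected `send` transport, the sample describe-instances payload and its instance IDs are constructed for the example.

```python
"""Added example: two checks for the IMDSv1 finding above. probe_imds()
runs inside a pod or on the host and asks whether the metadata service
answers without a session token; audit_metadata_options() reads the output
of `aws ec2 describe-instances` and lists instances that still allow IMDSv1.
The transport and the describe-instances payload below are constructed."""
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
TOKEN_PATH = "/latest/api/token"


def probe_imds(send):
    """`send(method, url, headers)` -> (status, body). A plain GET that
    succeeds means IMDSv1 is on: any SSRF or compromised container on this
    instance can read role credentials with a single request."""
    v1_status, v1_body = send("GET", IMDS + CREDS_PATH, {})
    tok_status, token = send("PUT", IMDS + TOKEN_PATH,
                             {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    v2_status = None
    if tok_status == 200:
        v2_status, _ = send("GET", IMDS + CREDS_PATH, {"X-aws-ec2-metadata-token": token})
    return {
        "imdsv1_allowed": v1_status == 200,
        "imdsv2_token_obtained": tok_status == 200,   # only possible if the hop limit lets the PUT reply back
        "imdsv2_creds_readable": v2_status == 200,
        "role_names": v1_body.split() if v1_status == 200 else [],
    }


def urllib_send(method, url, headers):
    """Standard-library transport for a live run (not exercised by the tests)."""
    req = urllib.request.Request(url, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""
    except urllib.error.URLError:
        return 0, ""   # no route to IMDS at all (e.g. blocked by a network policy)


def audit_metadata_options(describe_instances, max_hops=1):
    """Walk a describe-instances response and return (instance_id, issue,
    remediation) tuples. HttpTokens=required is what 'require IMDSv2' means;
    a hop limit of 1 keeps bridge-networked containers from obtaining a token."""
    findings = []
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue   # nothing to reach
            if opts.get("HttpTokens") != "required":
                findings.append((iid, "IMDSv1 allowed (HttpTokens=optional)",
                                 f"aws ec2 modify-instance-metadata-options --instance-id {iid} --http-tokens required"))
            hops = opts.get("HttpPutResponseHopLimit", 1)
            if hops > max_hops:
                findings.append((iid, f"IMDSv2 token reachable from bridge-networked containers (hop limit {hops})",
                                 f"aws ec2 modify-instance-metadata-options --instance-id {iid} --http-put-response-hop-limit {max_hops}"))
    return findings


# Constructed sample (IDs are made up): one node still on IMDSv1, one hardened node.
SAMPLE_DESCRIBE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa000000000001",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 2}},
    {"InstanceId": "i-0aaa000000000002",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
]}]}


def sample_findings():
    return audit_metadata_options(SAMPLE_DESCRIBE)


if __name__ == "__main__":
    for iid, issue, fix in sample_findings():
        print(f"{iid}: {issue}\n    fix: {fix}")
    print(probe_imds(urllib_send))   # only meaningful when run on an EC2 instance or in a pod on one
```

Requiring IMDSv2 is only half of the fix for a Kubernetes node: workloads that should never need instance credentials are better served by a network policy that blocks 169.254.169.254 from pods, with IAM roles for service accounts (or the equivalent workload identity) issuing per-pod credentials instead.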

 

Key Takeaways for Zero Trust Architects

This assessment offers actionable lessons for anyone implementing Zero Trust strategies in telecom or other cloud-native environments:

  • Authenticate Everything: Enforce mutual authentication for critical APIs, such as the NRF's NF management and discovery interfaces, using strong, PKI-based identities, and reject any request that arrives without a verified identity.
  • Eliminate Defaults: Replace default credentials before a service is exposed, and put databases behind authentication with granular, role-based access.
  • Lock Down Kubernetes: Harden RBAC, give each workload its own minimally privileged service account, and regularly scan clusters with tools like kube-bench.
  • Secure the Host and Cloud: Limit sudo privileges, rotate secrets, require IMDSv2 (reject token-less metadata requests), and restrict filesystem access to sensitive configurations.
  • Use TLS and a Service Mesh: Avoid default certificates and adopt an enterprise-grade PKI or a tool such as Vault to issue and rotate certificates. Deploy a service mesh to enforce mutual TLS (mTLS), control which services may talk to each other, and gain detailed visibility into service-to-service traffic.

 

Why Zero Trust Matters More Than Ever

5G networks promise ultra-reliable, low-latency connectivity, but they also dramatically expand the attack surface with more distributed functions and a broader ecosystem of partners. The vulnerabilities uncovered in this assessment illustrate that relying on implicit trust, network perimeters, or default configurations can leave even state-of-the-art deployments exposed.

Zero Trust is not just a security buzzword; it's an operational imperative. By assuming breach, enforcing continuous verification, and applying least privilege everywhere, from container workloads to cloud infrastructure, organizations can better secure the next generation of critical networks.

As more telecom workloads move to the cloud, adopting Zero Trust strategies isn't optional; it's essential to protecting customer data, ensuring service availability, and maintaining trust in our digital infrastructure.
