This work addresses the underexplored security risks of eBPF in containerized 5G core networks, which remain vulnerable to exploitation due to a lack of systematic investigation. We present the first comprehensive analysis of eBPF-enabled 5G core deployments based on Open5GS, identifying four critical threat categories: user tracking, denial-of-service, information leakage, and Bash injection. To validate these vulnerabilities, we construct and demonstrate an end-to-end attack chain. Furthermore, we propose and publicly release reproducible mitigation mechanisms targeting each identified flaw. Our experimental evaluation confirms that all discovered vulnerabilities are practically exploitable, while the proposed defenses significantly enhance system security, thereby filling a critical gap in the current literature on 5G network security.

The extended Berkeley Packet Filter (eBPF) is useful for faster packet processing and network monitoring in softwarized deployments. Similarly, softwarized deployments of 5G core network services adopted eBPF to meet the stringent latency and bandwidth requirements of underlying applications. While the existing studies focused on network performance, security concerns over eBPF-enabled platforms are overlooked. In this paper, we study the vulnerability analysis of 5G core network deployments that use eBPF for packet processing and traffic monitoring. In particular, we consider the following aspects: a) tracing, b) denial-of-service (DoS), c) stealing information, and d) bash injection. We present the detailed attack scenarios with step-by-step implementation of containerized and eBPF-enabled 5G network functions using Open5GS. The experiment results show that the aforementioned vulnerabilities are present in eBPF-enabled 5G deployments and can be exploited by attackers. Finally, we present some mitigation techniques useful for addressing the vulnerabilities. The source code and implementation details are made available at https://github.com/chimms1/5G-eBPF-exploits.