CVE-2025-10948 is a buffer overflow vulnerability identified in MikroTik RouterOS version 7, affecting the parse_json_element function in the /rest/ip/address/print endpoint within the libjson.so component. The vulnerability arises from improper handling of JSON parsing input, which can be manipulated remotely to overflow a buffer, potentially leading to arbitrary code execution or denial of service conditions. The attack vector is network-based and does not require authentication or user interaction, making it highly exploitable. The vulnerability impacts the confidentiality, integrity, and availability of affected devices, as attackers could gain control over routers or disrupt network operations. MikroTik has confirmed the issue and indicated that a patch will be included in a forthcoming RouterOS update. While no known exploits are currently active in the wild, the public disclosure of exploit code increases the risk of imminent attacks. MikroTik RouterOS is widely used in enterprise and ISP environments, making this vulnerability particularly concerning for network infrastructure security.

For European organizations, this vulnerability poses a significant threat to network infrastructure stability and security. MikroTik RouterOS devices are commonly deployed in enterprise networks, ISPs, and critical infrastructure sectors across Europe. Successful exploitation could lead to unauthorized access, network disruption, data interception, or lateral movement within corporate networks. This could impact confidentiality by exposing sensitive data, integrity by allowing unauthorized configuration changes, and availability by causing router crashes or network outages. Given the remote, unauthenticated exploit path, attackers could target vulnerable devices at scale, potentially affecting large segments of European network infrastructure. Critical sectors such as telecommunications, finance, government, and energy, which rely heavily on robust network equipment, may experience severe operational and reputational damage if exploited.

European organizations should implement the following specific mitigations: 1) Monitor MikroTik’s official channels closely for the release of the RouterOS patch addressing CVE-2025-10948 and prioritize timely deployment of the update. 2) Restrict access to the REST API endpoints on MikroTik devices by implementing network segmentation and firewall rules to limit exposure to trusted management networks only. 3) Employ network intrusion detection and prevention systems (IDS/IPS) with updated signatures to detect anomalous JSON parsing or buffer overflow attempts targeting MikroTik devices. 4) Conduct regular audits of MikroTik RouterOS versions in use and inventory all devices to ensure no unmanaged or outdated systems remain exposed. 5) Implement strict access controls and monitoring on network management interfaces to detect and respond to suspicious activities promptly. 6) Consider temporary disabling or restricting REST API services if feasible until the patch is applied to reduce attack surface.