CVE-2025-12199
AI Analysis
Technical Summary
CVE-2025-12199 is a vulnerability identified in the dnsmasq software, specifically affecting versions up to 2.73rc6. The flaw resides in the check_servers function of the src/network.c file, part of the Config File Handler component. It results from improper handling of pointers, leading to a null pointer dereference condition. When triggered, this causes the dnsmasq process to crash, resulting in a denial of service (DoS) condition. The vulnerability requires local access with low privileges (PR:L) and does not require user interaction or authentication beyond local system access. The attack complexity is low, meaning an attacker with local access can reliably cause the crash. The vendor was notified early but did not respond, and an exploit has been publicly disclosed, increasing the risk of exploitation. However, no confirmed exploits in the wild have been reported to date. The vulnerability affects network infrastructure components that rely on dnsmasq for DNS caching and DHCP services, which are critical for network operations. The CVSS 4.0 base score is 4.8, reflecting a medium severity due to the limited attack vector (local) and the impact mainly on availability. The vulnerability does not affect confidentiality or integrity directly but can disrupt network services, impacting business continuity and operational stability.
Potential Impact
For European organizations, the primary impact of CVE-2025-12199 is the potential denial of service of dnsmasq, which could disrupt DNS resolution and DHCP services on local networks. This disruption can lead to loss of network connectivity for devices relying on these services, affecting internal communications, access to internet resources, and potentially critical business applications. Organizations with large-scale deployments of dnsmasq in network infrastructure, such as ISPs, data centers, and enterprises using open-source network management tools, may experience operational interruptions. The local attack requirement limits remote exploitation risks but increases the threat from insider attacks or compromised local accounts. In sectors like finance, healthcare, and critical infrastructure within Europe, even short service outages can have significant operational and regulatory consequences. The lack of vendor response and public exploit availability heightens the urgency for organizations to proactively manage this vulnerability. However, since the vulnerability does not allow remote code execution or data compromise, the overall risk to confidentiality and integrity is low.
Mitigation Recommendations
1. Upgrade dnsmasq to a version beyond 2.73rc6 once an official patch addressing CVE-2025-12199 is released.
2. Until a patch is available, restrict local access to systems running vulnerable dnsmasq versions by enforcing strict access controls and monitoring local user activities.
3. Implement host-based intrusion detection systems (HIDS) to detect abnormal dnsmasq crashes or restarts that may indicate exploitation attempts.
4. Regularly audit and harden network infrastructure devices to minimize the number of users with local access privileges.
5. Use containerization or sandboxing for dnsmasq instances to limit the impact of crashes on the host system.
6. Maintain up-to-date backups and incident response plans to quickly recover from potential service disruptions.
7. Monitor security advisories from dnsmasq maintainers and relevant CERTs for updates or additional mitigation guidance.
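The crash monitoring in recommendation 3 can be prototyped as a log check. This is an added example, not part of the original analysis or of dnsmasq: it assumes syslog lines with RFC 3339 timestamps, the Linux kernel's segfault message and systemd's SEGV exit message; the sample lines are constructed and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines: "<RFC 3339 timestamp> <host> <message>".
SAMPLE_LOG = """\
2025-10-27T01:20:01+00:00 gw1 kernel: dnsmasq[2211]: segfault at 0 ip 000055d0c0a1b2c3 sp 00007ffd3c1a9e10 error 4 in dnsmasq[55d0c0a00000+5a000]
2025-10-27T01:20:01+00:00 gw1 systemd[1]: dnsmasq.service: Main process exited, code=killed, status=11/SEGV
2025-10-27T01:20:03+00:00 gw1 dnsmasq[2290]: started, version 2.73rc6 cachesize 150
2025-10-27T01:24:40+00:00 gw1 kernel: dnsmasq[2290]: segfault at 18 ip 000055d0c0a1b2c3 sp 00007ffd3c1a9e10 error 4 in dnsmasq[55d0c0a00000+5a000]
2025-10-27T02:00:00+00:00 gw2 dnsmasq[901]: started, version 2.73rc6 cachesize 150
"""

# Kernel lines may carry an uptime stamp such as "[ 1234.567890] " before the process name.
KERNEL_SEGV = re.compile(r"kernel: (?:\[\s*[\d.]+\] )?dnsmasq\[(\d+)\]: segfault at ([0-9a-f]+) ")
SYSTEMD_SEGV = re.compile(r"dnsmasq\.service: Main process exited, code=(?:killed|dumped), status=11/SEGV")

def crash_events(text):
    """Return (timestamp, host, kind, near_null) for every dnsmasq crash line."""
    events = []
    for raw in text.splitlines():
        parts = raw.split(" ", 2)
        try:
            ts, host, msg = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except (ValueError, IndexError):
            continue  # not in the assumed line format
        k = KERNEL_SEGV.search(msg)
        if k:
            # A fault address inside the first page fits a NULL pointer dereference.
            events.append((ts, host, "kernel_segv", int(k.group(2), 16) < 0x1000))
        elif SYSTEMD_SEGV.search(msg):
            events.append((ts, host, "systemd_segv", False))
    return events

def repeated_crash_hosts(text, threshold=2, window=timedelta(minutes=10)):
    """Hosts with at least `threshold` distinct dnsmasq crashes inside one window."""
    by_host = {}
    for ts, host, _kind, _near_null in sorted(crash_events(text)):
        times = by_host.setdefault(host, [])
        # Kernel and systemd both report the same crash; collapse lines under 5 s apart.
        if not times or ts - times[-1] > timedelta(seconds=5):
            times.append(ts)
    flagged = set()
    for host, times in by_host.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(host)
    return sorted(flagged)
```

A single crash can be an ordinary fault; repeated near-null segfaults on one host within minutes are the pattern worth escalating and correlating with local logins on that host.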
Affected Countries
Germany, France, Netherlands, United Kingdom, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-10-25T06:22:00.749Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68fec91d23a7bbed324576a5
Added to database: 10/27/2025, 1:21:33 AM
Last enriched: 11/3/2025, 4:07:34 AM
Last updated: 12/11/2025, 3:59:05 PM