
CVE-2025-12200

Published: Mon Oct 27 2025 (10/27/2025, 01:07:44 UTC)
Source: CVE Database V5
Product: dnsmasq

AI-Powered Analysis

Last updated: 11/03/2025, 04:07:44 UTC

Technical Analysis

CVE-2025-12200 identifies a null pointer dereference vulnerability in dnsmasq, a widely used lightweight DNS forwarder and DHCP server, specifically in versions up to 2.73rc6. The issue resides in the parse_dhcp_opt function within the src/option.c source file, part of the configuration file handler component. The vulnerability occurs when the argument 'm' is manipulated improperly, causing the function to dereference a null pointer, leading to a crash of the dnsmasq process. Exploitation requires local access with limited privileges (PR:L) and does not require user interaction or authentication. The attack vector is local, meaning remote exploitation is not feasible without prior system access. The impact is primarily on availability, as the crash results in denial of service of the dnsmasq service, potentially disrupting DHCP and DNS resolution on affected networks. The CVSS 4.0 base score is 4.8 (medium severity), reflecting the limited attack vector and scope but acknowledging the potential for service disruption. The vendor was notified early but has not issued a patch or response, and no known exploits are currently active in the wild. Organizations relying on dnsmasq for network services should be aware of this vulnerability and prepare to mitigate its impact.

Potential Impact

For European organizations, the primary impact of CVE-2025-12200 is the potential denial of service of network services relying on dnsmasq, such as DHCP and DNS forwarding. This can lead to network outages, loss of connectivity for end users, and disruption of critical business operations dependent on internal network services. Since exploitation requires local access, the threat is more relevant in environments where untrusted users have local system access, such as shared workstations, multi-tenant hosting, or poorly segmented networks. The unavailability of dnsmasq could affect enterprise networks, ISPs, and managed service providers that use dnsmasq in their infrastructure. The lack of vendor response and patches increases the risk window, potentially encouraging attackers to develop local exploits. While confidentiality and integrity impacts are minimal, availability degradation can have cascading effects on business continuity and operational efficiency.

Mitigation Recommendations

1. Restrict local access to systems running vulnerable dnsmasq versions by enforcing strict access controls and user permissions to prevent untrusted users from executing local attacks.
2. Monitor dnsmasq service logs and system logs for crashes or abnormal restarts that may indicate exploitation attempts.
3. Implement network segmentation to isolate critical dnsmasq servers from less trusted user groups and reduce the risk of local exploitation.
4. Prepare for patch deployment by tracking vendor updates or community patches addressing this vulnerability, and apply them promptly once available.
5. Consider deploying alternative DHCP/DNS solutions temporarily if dnsmasq cannot be updated quickly.
6. Conduct internal audits to identify all systems running affected dnsmasq versions to prioritize mitigation efforts.
7. Employ host-based intrusion detection systems (HIDS) to detect anomalous behavior indicative of exploitation attempts.
8. Educate system administrators and security teams about this vulnerability to increase awareness and readiness.
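
For the audit in recommendation 6, the following added example (not part of the original advisory or of dnsmasq) classifies collected `dnsmasq --version` banners against the "up to 2.73rc6" range stated above. The host names, the banner lines and the ordering test < rc < final release are assumptions made for the example.

```python
import re

# Highest affected version according to the advisory text above.
LAST_AFFECTED = "2.73rc6"

# Assumption: pre-release tags sort test < rc < final release.
_STAGE = {"test": 0, "rc": 1, "": 2}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(test|rc)?(\d+)?")
_BANNER_RE = re.compile(r"Dnsmasq version (\S+)", re.IGNORECASE)


def version_key(version):
    """Turn '2.73rc6' into a sortable tuple: (2, 73, 0, 1, 6)."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised dnsmasq version: {version!r}")
    major, minor, patch, stage, stage_no = m.groups()
    return (int(major), int(minor), int(patch or 0),
            _STAGE[stage or ""], int(stage_no or 0))


def is_affected(version):
    """True when the version falls inside the advisory's stated range."""
    return version_key(version) <= version_key(LAST_AFFECTED)


def audit(inventory):
    """inventory: iterable of (host, banner) pairs -> {host: status}."""
    report = {}
    for host, banner in inventory:
        m = _BANNER_RE.search(banner)
        try:
            report[host] = "AFFECTED" if is_affected(m.group(1)) else "not listed"
        except (AttributeError, ValueError):
            report[host] = "UNKNOWN"  # no banner or odd version: check by hand
    return report


# Constructed sample inventory (hypothetical hosts, first banner line only).
SAMPLE = [
    ("gw-01", "Dnsmasq version 2.73rc6"),
    ("gw-02", "Dnsmasq version 2.72"),
    ("gw-03", "Dnsmasq version 2.73"),
    ("gw-04", "Dnsmasq version 2.90"),
    ("gw-05", "dnsmasq: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as UNKNOWN need a manual check, and "not listed" only means the version is outside the range this advisory names.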


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-10-25T06:22:04.063Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68fec91d23a7bbed324576ab

Added to database: 10/27/2025, 1:21:33 AM

Last enriched: 11/3/2025, 4:07:44 AM

Last updated: 12/11/2025, 4:28:01 PM

Views: 193
