CVE-2025-12200: NULL Pointer Dereference in dnsmasq
A vulnerability was found in dnsmasq up to 2.73rc6. It affects the function parse_dhcp_opt in the file src/option.c of the component Config File Handler. Manipulation of the argument m causes a NULL pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-12200 is a vulnerability in the dnsmasq software affecting versions up to 2.73rc6. The issue resides in the parse_dhcp_opt function in src/option.c, part of the Config File Handler component. Manipulating the argument 'm' causes a NULL pointer dereference, which crashes the dnsmasq process and results in a denial of service (DoS) condition. The attack vector is local and requires the attacker to have low-level privileges on the affected system. No user interaction is required and network-based exploitation is not possible, which limits the attack surface. The vulnerability has a CVSS score of 4.8, reflecting its medium severity, primarily due to its limited exploitability and an impact confined to availability. Although the vendor was contacted early, no patch or response has been provided, and no known exploits are currently active in the wild. The public disclosure of the exploit code increases the risk of opportunistic attacks, especially in environments where dnsmasq is used for DHCP and DNS services on local machines or embedded devices. The vulnerability does not affect confidentiality or integrity but can disrupt network services that depend on dnsmasq, potentially impacting dependent applications and users.
Potential Impact
For European organizations, the primary impact of CVE-2025-12200 is service disruption due to denial of service on systems running vulnerable dnsmasq versions. This can affect DHCP and DNS resolution services locally, potentially causing network outages or degraded performance in environments relying on dnsmasq for local network management. Critical infrastructure, enterprise networks, and embedded systems using dnsmasq may experience interruptions, impacting business continuity. Although the attack requires local access, insider threats or compromised accounts could exploit this vulnerability to disrupt services. The lack of vendor response and patch availability increases risk exposure. Organizations with strict uptime requirements or those operating in sectors like telecommunications, manufacturing, or public services may face operational challenges. However, since the vulnerability does not allow remote exploitation or data compromise, the confidentiality and integrity of systems remain intact. The medium severity rating reflects these factors, emphasizing availability impact with limited attack vectors.
Mitigation Recommendations
European organizations should prioritize upgrading dnsmasq to a version later than 2.73rc6 once an official patch is released or consider applying community-developed patches if available. Until then, restrict local access to systems running vulnerable dnsmasq versions by enforcing strict user permissions and monitoring for unauthorized local activity. Employ host-based intrusion detection systems (HIDS) to detect abnormal process crashes or suspicious local behavior. Network segmentation can limit the exposure of critical systems to potentially malicious insiders. Regularly audit and harden systems to minimize the number of users with local access rights. Consider replacing dnsmasq with alternative DHCP/DNS solutions that are actively maintained and patched. Maintain up-to-date backups and incident response plans to quickly recover from potential service disruptions. Finally, monitor security advisories for updates from the dnsmasq project or security community regarding patches or mitigations.
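A local check in the spirit of the access-restriction advice above, as an added example that is not part of the advisory or of the dnsmasq project: it lists dnsmasq configuration files and directories that group or other users can write to, and parses a config in a throwaway `dnsmasq --test` process so that a parser crash shows up before the running service is restarted. The paths passed as arguments and the `DNSMASQ_BIN` override are assumptions, as is the premise that the fault is reached while the configuration is read, which the "Config File Handler" description indicates.

```shell
#!/bin/sh
# Added example: audit dnsmasq configuration for local-write exposure and
# validate a config out of process. DNSMASQ_BIN is a hypothetical override.
DNSMASQ_BIN="${DNSMASQ_BIN:-dnsmasq}"

# Print every file or directory under the given paths that group or other
# users can write to. Paths that do not exist are skipped.
audit_conf_perms() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
    done
}

# Parse one config file in a separate process; --test only reads and
# syntax-checks the configuration. Prints ok, rejected, crashed or not-run.
# An exit status above 128 means the process died on a signal (e.g. SIGSEGV).
check_conf_parses() {
    rc=0
    "$DNSMASQ_BIN" --test --conf-file="$1" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0)       echo ok ;;
        126|127) echo not-run ;;   # binary missing or not executable
        *)       if [ "$rc" -gt 128 ]; then echo crashed; else echo rejected; fi ;;
    esac
}

# Usage: sh audit.sh /etc/dnsmasq.conf /etc/dnsmasq.d   (paths are examples)
if [ "$#" -gt 0 ]; then
    audit_conf_perms "$@"
    for f in "$@"; do
        if [ -f "$f" ]; then
            echo "$f: $(check_conf_parses "$f")"
        fi
    done
fi
```

A "crashed" result on a config that is about to be deployed is the signal to hold the reload and inspect the file and who last changed it.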
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-10-25T06:22:04.063Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68fec91d23a7bbed324576ab
Added to database: 10/27/2025, 1:21:33 AM
Last enriched: 10/27/2025, 1:36:50 AM
Last updated: 10/28/2025, 3:40:08 AM