CVE-2025-49488 is a medium severity vulnerability classified under CWE-404: Improper Resource Shutdown or Release, affecting ASR router components specifically in the Falcon_Linux, Kestrel, and Lapwing_Linux platforms prior to version 1536. The vulnerability resides in the router's phonebook component, particularly within the source file router/phonebook/pb.c. Improper resource shutdown or release means that the software fails to correctly free or close resources such as memory, file handles, or network connections after use. This can lead to resource leaks, which may degrade system performance or cause denial of service conditions over time as resources become exhausted. The CVSS 3.1 base score is 5.4, indicating a medium impact. The vector string (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L) shows that the vulnerability can be exploited remotely over the network with low attack complexity, requires low privileges, no user interaction, and impacts confidentiality slightly and availability to a limited extent. There are no known exploits in the wild at this time, and no patches have been linked yet, suggesting that mitigation may require vendor updates or configuration changes once available. The vulnerability affects router hardware models ASR180x and ASR190x running the vulnerable Linux-based firmware versions. The improper resource release could allow attackers to cause resource leaks leading to degraded router performance or potential denial of service, impacting network reliability and availability.

For European organizations, this vulnerability could affect network infrastructure stability, especially in enterprises or service providers using ASR180x and ASR190x routers running Falcon_Linux, Kestrel, or Lapwing_Linux firmware versions before v1536. Resource leaks can accumulate over time, potentially causing routers to slow down, crash, or reboot unexpectedly, leading to network outages or degraded service quality. This can disrupt business operations, especially for critical infrastructure, telecommunications providers, or large enterprises relying on these routers for internal or external connectivity. Although the confidentiality impact is low, availability degradation can affect service-level agreements and operational continuity. The requirement for low privileges to exploit means that insider threats or attackers who have gained limited access could leverage this vulnerability to cause denial of service conditions. Given the importance of network infrastructure in European digital economies and critical sectors, the vulnerability poses a moderate risk to operational resilience.

1. Immediate mitigation should include monitoring router resource usage metrics such as memory, file handles, and CPU load to detect abnormal resource consumption patterns that may indicate exploitation or resource leaks. 2. Restrict access to router management interfaces to trusted administrators only, using strong authentication and network segmentation to reduce the risk of low-privilege attackers exploiting the vulnerability. 3. Apply firmware updates or patches from the vendor as soon as they become available to address the improper resource shutdown issue. 4. If patches are not yet available, consider temporary workarounds such as scheduled router reboots during maintenance windows to clear leaked resources and maintain stability. 5. Conduct network segmentation and redundancy planning to minimize the impact of potential router outages on critical services. 6. Engage with the vendor for detailed remediation guidance and to obtain early access to fixes or mitigations. 7. Implement logging and alerting on router anomalies to enable rapid detection and response to potential exploitation attempts.