CVE-2025-49491 is a medium-severity vulnerability classified under CWE-404 (Improper Resource Shutdown or Release) affecting ASR's Falcon_Linux, Kestrel, and Lapwing_Linux products, specifically in the traffic_stat modules. The vulnerability arises from improper handling of resource shutdown or release in the program files traffic_stat/traffic_service/traffic_service.C, leading to resource leaks. These leaks can cause gradual degradation of system performance or availability due to exhaustion of system resources such as memory, file descriptors, or network sockets. The issue affects versions prior to v1536 of the mentioned products. The CVSS v3.1 base score is 5.4, indicating a medium severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), limited confidentiality impact (C:L), no integrity impact (I:N), and low availability impact (A:L). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability could be exploited remotely by an attacker with some level of privileges to cause resource exhaustion, potentially leading to denial of service or degraded performance in critical network traffic monitoring or management functions provided by these ASR Linux-based products.

For European organizations using ASR Falcon_Linux, Kestrel, or Lapwing_Linux, particularly in network infrastructure or traffic monitoring roles, this vulnerability could lead to resource leaks that degrade system availability over time. This may result in partial denial of service conditions affecting network traffic analysis, security monitoring, or operational continuity. Given the network-facing nature and low privilege requirement, attackers within the network perimeter could exploit this to disrupt services. The limited confidentiality impact reduces risk of data leakage, but availability degradation in critical network components could impact business operations, incident response, and compliance with European data protection regulations that require continuous system availability and integrity. Organizations relying on these products for traffic statistics or network management should be aware of potential performance degradation and plan for timely remediation.

1. Monitor resource usage closely on systems running affected ASR products, focusing on memory, file descriptors, and network sockets to detect abnormal resource consumption patterns. 2. Apply updates or patches from ASR as soon as they become available, prioritizing upgrade to version v1536 or later where the issue is resolved. 3. Restrict network access to the traffic_stat modules and associated services to trusted administrators and systems to reduce exposure to potential attackers with low privileges. 4. Implement network segmentation and strict access controls to limit the ability of attackers to reach vulnerable services. 5. Employ automated resource management and watchdog processes to restart or recover services exhibiting resource leaks before they impact availability. 6. Conduct regular security assessments and vulnerability scans specifically targeting ASR products to identify unpatched instances. 7. Engage with ASR support channels for advisories and guidance on interim mitigations if patches are delayed.