CVE-2025-5072: CWE-404 Improper Resource Shutdown or Release in ASR Falcon_Linux, Kestrel, Lapwing_Linux
Resource leak vulnerability in ASR180x, ASR190x in con_mgr allows Resource Leak Exposure. This issue affects Falcon_Linux, Kestrel, Lapwing_Linux: before v1536.
AI Analysis
Technical Summary
CVE-2025-5072 is a resource leak vulnerability classified under CWE-404 (Improper Resource Shutdown or Release) affecting ASR's networking products running Falcon_Linux, Kestrel, and Lapwing_Linux operating systems, specifically versions prior to v1536. The vulnerability resides in the con_mgr component of ASR180x and ASR190x devices, where resources are not properly released after use, leading to resource leaks. This improper resource management can cause gradual depletion of system resources such as memory or file descriptors, potentially resulting in degraded device performance or denial of service (DoS) conditions over time. The CVSS v3.1 base score is 5.4 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), limited confidentiality impact (C:L), no integrity impact (I:N), and low availability impact (A:L). No known exploits are reported in the wild, and no patches are currently linked. The vulnerability does not require user interaction but does require some level of privilege, indicating that an attacker with limited access could exploit this remotely to cause resource exhaustion and potential service disruption on affected ASR devices. These devices are typically used in enterprise and service provider network infrastructure, making the vulnerability relevant for network stability and availability.
Potential Impact
For European organizations, especially those relying on ASR180x and ASR190x routers or network devices running Falcon_Linux, Kestrel, or Lapwing_Linux, this vulnerability could lead to network instability or outages due to resource exhaustion. This is particularly critical for ISPs, telecommunications providers, and large enterprises with complex network infrastructures that depend on these devices for routing and connectivity. A successful exploitation could degrade network performance or cause denial of service, impacting business operations, customer connectivity, and potentially critical services. While the confidentiality and integrity impacts are minimal, availability degradation can have significant operational and financial consequences. Given the medium severity and the requirement for some privileges, the threat is moderate but should not be overlooked, especially in environments where attackers might gain limited access through other means. The lack of known exploits suggests limited immediate risk, but the vulnerability could be leveraged in targeted attacks or combined with other exploits to escalate impact.
Mitigation Recommendations
European organizations should proactively monitor their ASR180x and ASR190x devices for firmware versions and upgrade to version v1536 or later once available to address this vulnerability. In the absence of patches, administrators should implement strict access controls to limit privileged access to the con_mgr component and related management interfaces, reducing the risk of exploitation. Network segmentation and monitoring for unusual resource usage patterns on affected devices can help detect early signs of exploitation. Additionally, implementing rate limiting and resource usage quotas where possible can mitigate the impact of resource leaks. Regular audits of device logs and performance metrics should be conducted to identify potential resource exhaustion symptoms. Organizations should also engage with ASR vendor support for updates and advisories, and consider deploying redundancy and failover mechanisms to maintain network availability in case of device degradation.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ASR
- Date Reserved: 2025-05-22T03:30:06.712Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6863a5c56f40f0eb728ebeb5
Added to database: 7/1/2025, 9:09:25 AM
Last enriched: 7/1/2025, 9:24:44 AM
Last updated: 7/1/2025, 9:24:44 AM
Related Threats
- CVE-2025-49490: CWE-404 Improper Resource Shutdown or Release in ASR Falcon_Linux, Kestrel, Lapwing_Linux (Medium)
- CVE-2025-49489: CWE-404 Improper Resource Shutdown or Release in ASR Falcon_Linux, Kestrel, Lapwing_Linux (Medium)
- CVE-2025-6756: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in themefic Ultra Addons for Contact Form 7 (Medium)
- CVE-2025-41656: CWE-306 Missing Authentication for Critical Function in Pilz IndustrialPI 4 with Firmware Bullseye (Critical)
- CVE-2025-41648: CWE-704 Incorrect Type Conversion or Cast in Pilz IndustrialPI 4 with IndustrialPI webstatus (Critical)