CVE-2025-61099: n/a
CVE-2025-61099 is a denial of service vulnerability in FRRouting (FRR) versions 2.0 through 10.4.1 caused by a NULL pointer dereference in the ospf_opaque.c component. An attacker can exploit this by sending a specially crafted Link State Update (LS Update) packet to trigger a crash, resulting in service disruption. This vulnerability affects network routing infrastructure relying on FRR's OSPF implementation. No known exploits are currently reported in the wild. The vulnerability requires network-level access to send malicious OSPF packets but does not require authentication or user interaction. European organizations using FRR for routing in their network infrastructure could face outages or degraded network availability.
AI Analysis
Technical Summary
CVE-2025-61099 is a vulnerability identified in the FRRouting (FRR) software suite, specifically affecting versions from 2.0 through 10.4.1. The flaw exists in the ospf_opaque.c source file within the opaque_info_detail function, where a NULL pointer dereference can occur. This happens when the function processes a crafted Link State Update (LS Update) packet in the OSPF (Open Shortest Path First) routing protocol implementation. The NULL pointer dereference leads to a denial of service (DoS) condition by crashing the FRR daemon responsible for OSPF routing. Since FRR is widely used as an open-source routing protocol suite in various network devices and infrastructure, this vulnerability can cause significant network outages or routing disruptions. Exploitation requires an attacker to send malicious OSPF LS Update packets to the targeted FRR instance, which implies the attacker must have network access to the routing domain or be able to inject packets into the OSPF adjacency. There is no indication that authentication or user interaction is required, making exploitation relatively straightforward for an attacker with network access. No CVSS score has been assigned yet, and no public exploits have been reported. The vulnerability was reserved in late September 2025 and published in late October 2025, indicating recent discovery. The absence of patches at the time of publication suggests that organizations must rely on temporary mitigations until official fixes are released.
Potential Impact
For European organizations, the impact of CVE-2025-61099 can be significant, especially for those relying on FRRouting in their network infrastructure, including ISPs, data centers, cloud providers, and critical infrastructure operators. A successful exploit can cause denial of service by crashing routing processes, leading to network outages, loss of connectivity, and potential cascading failures in dependent systems. This can disrupt business operations, degrade service availability, and impact end-users. In critical sectors such as finance, healthcare, and telecommunications, such disruptions can have severe operational and reputational consequences. Additionally, the vulnerability could be leveraged as part of a broader attack campaign to degrade network reliability or as a distraction while other attacks are conducted. The lack of authentication requirements and the relative ease of triggering the vulnerability increase the risk profile. European organizations with complex OSPF-based routing topologies are particularly at risk, as routing instability can propagate widely.
Mitigation Recommendations
1. Monitor official FRRouting repositories and vendor advisories closely for the release of patches addressing CVE-2025-61099 and apply them promptly.
2. Until patches are available, implement network-level filtering to block or drop malformed or suspicious OSPF LS Update packets, especially from untrusted or external sources.
3. Restrict OSPF adjacency formation to trusted devices and interfaces only, using authentication mechanisms such as OSPF MD5 or cryptographic authentication to prevent unauthorized packet injection.
4. Employ network segmentation to isolate routing protocol traffic from general user traffic and limit exposure.
5. Use intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous OSPF packets indicative of exploitation attempts.
6. Conduct regular network traffic analysis to identify unusual OSPF LS Update packet patterns.
7. Prepare incident response plans to quickly recover routing services in case of DoS events.
8. Consider alternative routing protocol implementations or redundant routing paths to maintain network availability during remediation.
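The source restriction, authentication and traffic-analysis steps above can be checked offline against captured OSPFv2 payloads. The following Python is an added example, not FRR code or part of the original advisory: the function names, the allow-list and the sample packet builder are constructed for illustration, the authentication digest is not verified, and because the advisory does not say what makes the LS Update malformed, the checks are generic structural ones (length fields, LSA bounds, presence of opaque LSAs).

```python
import struct

OSPF_HDR_LEN, LSA_HDR_LEN = 24, 20
LS_UPDATE = 4               # OSPFv2 packet type 4 (RFC 2328)
OPAQUE_TYPES = {9, 10, 11}  # opaque LSA types (RFC 5250)

def triage_ospf(src_ip, payload, trusted):
    """Findings for one OSPFv2 packet (payload of IP protocol 89)."""
    if len(payload) < OSPF_HDR_LEN:
        return ["truncated OSPF header"]
    version, ptype, plen, _rid, _area, _ck, autype = struct.unpack("!BBHIIHH", payload[:16])
    if version != 2 or ptype != LS_UPDATE:
        return []
    findings = []
    if src_ip not in trusted:
        findings.append("LS Update from non-allow-listed source")
    if autype == 0:
        findings.append("null authentication (AuType 0)")
    # With cryptographic auth (AuType 2) the digest trails the packet and is
    # not counted in the length field; its size is byte 19 of the header.
    digest = payload[19] if autype == 2 else 0
    if plen + digest != len(payload) or plen < OSPF_HDR_LEN + 4:
        return findings + ["packet length field inconsistent"]
    body = payload[OSPF_HDR_LEN:plen]
    (count,) = struct.unpack("!I", body[:4])
    off = 4
    for i in range(count):
        hdr = body[off:off + LSA_HDR_LEN]
        if len(hdr) < LSA_HDR_LEN:
            findings.append(f"LSA {i}: header runs past packet end")
            break
        ls_type, (lsa_len,) = hdr[3], struct.unpack("!H", hdr[18:20])
        if lsa_len < LSA_HDR_LEN or off + lsa_len > len(body):
            findings.append(f"LSA {i}: bad length {lsa_len}")
            break
        if ls_type in OPAQUE_TYPES:
            findings.append(f"LSA {i}: opaque LSA type {ls_type} present")
        off += lsa_len
    return findings

def build_ls_update(lsas, autype=2):
    """Constructed sample packet from (ls_type, declared_len, data) tuples."""
    body = struct.pack("!I", len(lsas))
    for ls_type, declared, data in lsas:
        body += struct.pack("!HBBIIIHH", 1, 0, ls_type, 0, 0, 0, 0, declared) + data
    digest = b"\x00" * 16 if autype == 2 else b""
    auth = struct.pack("!HBBI", 0, 1, len(digest), 1) if autype == 2 else b"\x00" * 8
    hdr = struct.pack("!BBHIIHH", 2, LS_UPDATE, OSPF_HDR_LEN + len(body), 1, 0, 0, autype)
    return hdr + auth + body + digest
```

An opaque LSA on its own is normal where Traffic Engineering or Router Information is in use; the other findings are the ones worth alerting on.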
Affected Countries
Germany, France, Netherlands, United Kingdom, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68ffbf81ba6dffc5e207e33e
Added to database: 10/27/2025, 6:52:49 PM
Last enriched: 10/27/2025, 7:08:35 PM
Last updated: 10/27/2025, 8:30:02 PM