CVE-2025-61099: n/a

High
Published: Mon Oct 27 2025 (10/27/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

AI-Powered Analysis

Last updated: 11/04/2025, 03:16:28 UTC

Technical Analysis

CVE-2025-61099 is a vulnerability identified in the FRRouting (FRR) software suite, specifically affecting versions from 2.0 through 10.4.1. The flaw resides in the ospf_opaque.c source file within the opaque_info_detail function, where a NULL pointer dereference can occur when processing OSPF Link State Update (LS Update) packets. This vulnerability is triggered by sending a crafted LS Update packet that causes the routing daemon to dereference a NULL pointer, leading to a crash and thus a Denial of Service (DoS). The vulnerability does not require any privileges, authentication, or user interaction, making it remotely exploitable by an unauthenticated attacker with network access to the vulnerable FRR instance. The CVSS v3.1 base score of 7.5 reflects a high severity due to the network attack vector, low attack complexity, and the impact on availability without affecting confidentiality or integrity. FRR is widely used in routing infrastructure for OSPF protocol implementations in ISPs, data centers, and enterprise networks. The DoS condition can disrupt network routing, causing outages or degraded performance. No public exploits have been reported yet, but the vulnerability's nature suggests it could be weaponized. The absence of a patch link indicates that a fix may still be pending or in development. The underlying issue is classified under CWE-476 (NULL Pointer Dereference), a common programming error leading to crashes. Organizations using FRR should be aware of this vulnerability and prepare to apply patches once released.

Potential Impact

The primary impact of CVE-2025-61099 is the disruption of network availability due to a Denial of Service condition in FRRouting's OSPF implementation. For European organizations, especially those operating critical network infrastructure such as ISPs, telecommunications providers, cloud service providers, and large enterprises, this can lead to significant network outages or routing instability. Such disruptions can affect business continuity, degrade service quality, and potentially cause cascading failures in dependent systems. The vulnerability does not compromise data confidentiality or integrity directly but can indirectly impact operational security by causing network downtime. Given FRR's role in dynamic routing, an exploited DoS could isolate network segments or interrupt interconnectivity between sites. This is particularly concerning for sectors reliant on high availability and real-time communications, including finance, healthcare, and government services. The lack of authentication and user interaction requirements increases the risk of exploitation from external attackers. Although no known exploits are currently active, the potential for rapid exploitation once a public exploit emerges is high.

Mitigation Recommendations

1. Monitor FRRouting project communications and security advisories closely to apply official patches or updates as soon as they become available.
2. In the interim, implement network-level filtering to block or restrict OSPF LS Update packets from untrusted or external sources, using firewalls or router ACLs to limit exposure.
3. Employ network segmentation to isolate routing infrastructure from general user networks, reducing the attack surface.
4. Enable logging and monitoring on routing daemons to detect abnormal crashes or restarts indicative of exploitation attempts.
5. Conduct regular vulnerability assessments and penetration testing focused on routing infrastructure to identify weaknesses.
6. Consider deploying redundant routing paths and failover mechanisms to maintain network availability in case of a DoS event.
7. Educate network operations teams about this vulnerability and establish incident response procedures specific to routing daemon failures.
8. Review and harden OSPF configurations, disabling unnecessary opaque LSAs or features if possible to reduce attack vectors.
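
To support recommendations 2 and 4, the following Python check inspects an OSPFv2 payload and reports LS Updates from sources outside a trusted-neighbor set, any opaque LSAs (types 9 to 11, RFC 5250) they carry, and inconsistent length fields. It is an added example, not FRRouting code or part of the original advisory; the function names, the neighbor set and the sample packet are constructed, and the checks are generic structural validation rather than the specific trigger for CVE-2025-61099, which this page does not describe.

```python
import ipaddress
import struct

OPAQUE_TYPES = {9: "link-local", 10: "area-local", 11: "AS-wide"}  # RFC 5250
OSPF_HDR, LSA_HDR, LS_UPDATE = 24, 20, 4  # header sizes, OSPF packet type 4

def inspect_ospf(src_ip, payload, trusted_neighbors):
    """Return findings for one OSPFv2 packet (bytes after the IP header)."""
    findings = []
    if len(payload) < OSPF_HDR:
        return ["truncated OSPF header"]
    version, ptype, plen = struct.unpack_from("!BBH", payload, 0)
    if version != 2 or ptype != LS_UPDATE:
        return findings  # only OSPFv2 LS Update is in scope here
    if ipaddress.ip_address(src_ip) not in trusted_neighbors:
        findings.append(f"LS Update from untrusted source {src_ip}")
    if plen > len(payload) or plen < OSPF_HDR + 4:
        return findings + ["OSPF length field inconsistent with packet size"]
    (count,) = struct.unpack_from("!I", payload, OSPF_HDR)  # number of LSAs
    off = OSPF_HDR + 4
    for i in range(count):
        if off + LSA_HDR > plen:
            findings.append(f"LSA {i}: header runs past end of packet")
            break
        ls_type = payload[off + 3]
        (lsa_len,) = struct.unpack_from("!H", payload, off + 18)
        if ls_type in OPAQUE_TYPES:  # first byte of Link State ID = opaque type
            findings.append(f"LSA {i}: opaque LSA type {ls_type} "
                            f"({OPAQUE_TYPES[ls_type]}), opaque-type {payload[off + 4]}")
        if lsa_len < LSA_HDR or off + lsa_len > plen:
            findings.append(f"LSA {i}: bad length {lsa_len}")
            break
        off += lsa_len
    return findings

def build_sample(lsa_len_field):
    """Constructed LS Update: one type-10 opaque LSA with a 4-byte body."""
    lsa = struct.pack("!HBBB3s4sIHH", 1, 0x42, 10, 1, b"\x00\x00\x01",
                      bytes([192, 0, 2, 1]), 0x80000001, 0, lsa_len_field) + bytes(4)
    body = struct.pack("!I", 1) + lsa
    hdr = struct.pack("!BBH4s4sHH8s", 2, 4, OSPF_HDR + len(body),
                      bytes([192, 0, 2, 1]), bytes(4), 0, 0, bytes(8))
    return hdr + body
```

Checksums and OSPF authentication are not verified here; the sample packet sets both to zero.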

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68ffbf81ba6dffc5e207e33e

Added to database: 10/27/2025, 6:52:49 PM

Last enriched: 11/4/2025, 3:16:28 AM

Last updated: 12/11/2025, 9:15:54 PM
