CVE-2025-61101 is a vulnerability identified in the FRRouting (FRR) open-source routing software, specifically affecting versions from 4.0 through 10.4.1. The flaw resides in the show_vty_ext_link_rmt_itf_addr function within the ospf_ext.c source file, where a NULL pointer dereference can occur. This happens when the function processes certain crafted OSPF (Open Shortest Path First) packets, leading to a crash of the routing daemon or a denial of service (DoS) condition. The vulnerability can be triggered remotely by an attacker capable of sending malicious OSPF packets to the target system, without requiring authentication or user interaction. The consequence is a disruption of OSPF routing processes, potentially causing network outages or routing instability. FRRouting is widely used in network infrastructure, including ISPs, data centers, and enterprise environments, as a routing protocol implementation supporting OSPF among others. Although no public exploits are known at this time, the vulnerability's nature suggests that exploitation could be straightforward for attackers with network access. No official CVSS score has been assigned yet, and no patches or mitigations are currently linked, indicating that vendors and users should monitor for updates. The vulnerability impacts the availability of routing services, which is critical for network operations.

For European organizations, the impact of CVE-2025-61101 can be significant, especially for those relying on FRRouting for OSPF routing in their network infrastructure. A successful attack could cause routing daemons to crash, leading to network outages, degraded service, or loss of connectivity between critical systems. This can affect ISPs, telecom providers, data centers, and large enterprises that depend on stable and reliable routing protocols. Disruptions in routing can cascade, impacting business operations, cloud services, and interconnectivity within and across European countries. The availability and integrity of network communications could be compromised, potentially affecting critical infrastructure sectors such as finance, healthcare, and government services. Given the vulnerability does not require authentication, attackers with network access (e.g., internal threat actors or compromised devices) could exploit this to cause denial of service. The lack of known exploits currently reduces immediate risk but does not eliminate the potential for future attacks.

European organizations should proactively monitor FRRouting vendor channels for patches addressing CVE-2025-61101 and apply updates promptly once available. Until patches are released, network administrators should consider implementing ingress and egress filtering to restrict OSPF packet sources to trusted devices only, reducing the attack surface. Network segmentation and strict control of routing protocol traffic can limit exposure. Deploying anomaly detection systems to monitor unusual OSPF traffic patterns may help identify exploitation attempts early. Additionally, organizations should review and harden their network device configurations to minimize unnecessary exposure of routing protocols to untrusted networks. Regular backups of routing configurations and failover mechanisms should be tested to ensure rapid recovery in case of disruption. Collaboration with ISPs and upstream providers to ensure secure routing practices can further mitigate risks. Finally, maintaining an incident response plan that includes network routing failures will improve organizational resilience.