CVE-2025-61101 is a vulnerability identified in the FRRouting (FRR) open-source routing software, specifically affecting versions 4.0 through 10.4.1. The flaw resides in the show_vty_ext_link_rmt_itf_addr function within the ospf_ext.c source file, where a NULL pointer dereference occurs. This type of vulnerability (CWE-476) leads to a crash of the affected process when the function attempts to access or dereference a pointer that has not been properly initialized or is set to NULL. An attacker can exploit this by crafting and sending a malicious OSPF (Open Shortest Path First) packet designed to trigger this condition. Because OSPF is a widely used interior gateway protocol for routing IP packets within large enterprise and service provider networks, this vulnerability can be leveraged remotely without authentication or user interaction, making it accessible to any attacker capable of injecting OSPF packets into the network. The consequence is a denial of service (DoS) attack that disrupts the routing daemon, potentially causing network outages or routing instability. The CVSS v3.1 base score of 7.5 reflects high severity, with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality or integrity impact (C:N/I:N), and high availability impact (A:H). No patches or exploits are currently reported, but the vulnerability's nature and impact warrant immediate attention. FRRouting is commonly deployed in network infrastructure of ISPs, data centers, and large enterprises, making this vulnerability relevant for critical network operations.

For European organizations, the impact of CVE-2025-61101 can be significant, especially for those relying on FRRouting for OSPF-based routing in their network infrastructure. A successful exploit can cause the FRR daemon to crash, resulting in loss of routing information and network outages. This can disrupt business operations, degrade service availability, and potentially cause cascading failures in interconnected networks. Telecommunications providers, cloud service operators, and large enterprises with complex network topologies are particularly at risk. The disruption of OSPF routing can lead to packet loss, increased latency, and failure of critical applications dependent on network connectivity. Additionally, the lack of confidentiality or integrity impact means data theft or manipulation is unlikely, but the availability impact alone can cause severe operational and financial consequences. Given the vulnerability can be exploited remotely without authentication, attackers can launch DoS attacks from within or outside the network perimeter, increasing the threat surface. European critical infrastructure sectors, including finance, healthcare, and government networks, may face heightened risk if FRRouting is part of their routing stack.

To mitigate CVE-2025-61101, organizations should monitor FRRouting vendor channels for official patches or updates addressing this vulnerability and apply them promptly once available. In the absence of a patch, network administrators should consider implementing filtering rules to block or restrict OSPF packets from untrusted sources, limiting exposure to crafted malicious packets. Network segmentation and strict control of routing protocol exchanges can reduce the attack surface. Employing intrusion detection or prevention systems (IDS/IPS) capable of detecting anomalous OSPF traffic patterns may help identify and block exploitation attempts. Regularly auditing network devices and routing software versions to ensure they are up to date and supported is critical. Additionally, maintaining robust network monitoring to quickly detect routing daemon crashes or instability can enable rapid response and mitigation. Organizations should also review their incident response plans to include scenarios involving routing protocol DoS attacks. Collaboration with upstream providers and peers to ensure OSPF traffic integrity can further reduce risk.