CVE-2025-61102: n/a
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
AI Analysis
Technical Summary
CVE-2025-61102 is a vulnerability identified in the FRRouting (FRR) software suite, specifically affecting versions from 4.0 through 10.4.1. The issue stems from a NULL pointer dereference in the show_vty_ext_link_adj_sid function located in the ospf_ext.c source file. This function is involved in processing OSPF (Open Shortest Path First) routing protocol packets, particularly those related to segment routing extensions. An attacker can exploit this vulnerability by crafting and sending a malicious OSPF packet that triggers the NULL pointer dereference, causing the FRRouting daemon to crash or become unresponsive. This results in a Denial of Service (DoS) condition, disrupting routing operations and potentially causing network outages. The vulnerability is remotely exploitable without requiring any authentication or user interaction, increasing the risk profile. The CVSS v3.1 base score is 7.5, reflecting a high severity primarily due to the impact on availability and the low complexity of the attack vector. No known public exploits have been reported yet, and no patches were linked at the time of disclosure, indicating that organizations should prioritize monitoring and mitigation efforts. The underlying cause is classified under CWE-476 (NULL Pointer Dereference), a common programming error that leads to software crashes when dereferencing invalid memory pointers. FRRouting is widely used in enterprise and service provider networks for dynamic routing, making this vulnerability particularly relevant for critical infrastructure.
Potential Impact
The primary impact of CVE-2025-61102 is a Denial of Service against network routing infrastructure using FRRouting with OSPF enabled. For European organizations, this can lead to significant network outages, degraded service availability, and potential cascading failures in interconnected networks. Enterprises relying on FRRouting for internal or edge routing may experience loss of connectivity, impacting business operations, cloud services, and critical communications. Telecommunications providers and data centers using FRRouting as part of their routing stack could face service disruptions affecting large customer bases. The vulnerability does not impact confidentiality or integrity directly but compromises availability, which is critical for network stability. Given the remote exploitability without authentication, attackers can launch attacks from outside the network perimeter, increasing the threat surface. The absence of known exploits currently provides a window for proactive defense, but the high CVSS score indicates that exploitation could have severe operational consequences.
Mitigation Recommendations
1. Monitor FRRouting vendor channels closely for official patches addressing CVE-2025-61102 and apply them immediately upon release.
2. Implement network-level filtering to block or rate-limit OSPF packets from untrusted or external sources, reducing exposure to crafted malicious packets.
3. Employ segmentation and strict access controls on routing protocol traffic to limit which devices can send OSPF packets to FRRouting instances.
4. Enable and enhance logging and monitoring of FRRouting daemons to detect abnormal crashes or restarts indicative of exploitation attempts.
5. Consider deploying redundant routing paths and failover mechanisms to maintain network availability in case of a DoS event.
6. Conduct internal vulnerability assessments and penetration tests simulating crafted OSPF packets to evaluate exposure and response readiness.
7. Educate network operations teams about this vulnerability and establish incident response procedures specific to routing daemon failures.

These steps go beyond generic advice by focusing on network protocol filtering, operational monitoring, and resilience planning tailored to FRRouting and OSPF environments.
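An added example for recommendations 1 to 3 (not FRRouting project code and not part of the original advisory): a shell helper that checks a version string against the affected range stated above and prints an nftables allowlist for OSPF (IP protocol 89). The table and set names and the 192.0.2.x neighbour addresses are assumptions; a version inside the range may still carry a distribution backport, so confirm with the package vendor.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2025-61102 (not FRR project code).
# Affected range as stated in the advisory: v4.0 through v10.4.1.
AFFECTED_MIN="4.0"
AFFECTED_MAX="10.4.1"

# ver_le A B: succeeds when version A <= version B (relies on sort -V).
ver_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# frr_affected STRING: prints "affected", "not-affected" or "unknown".
# Takes the first dotted version in STRING, ignoring packaging suffixes.
frr_affected() {
    v=$(printf '%s' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*[0-9]\).*$/\1/p')
    [ -n "$v" ] || { echo unknown; return; }
    if ver_le "$AFFECTED_MIN" "$v" && ver_le "$v" "$AFFECTED_MAX"; then
        echo affected
    else
        echo not-affected
    fi
}

# ospf_allowlist_nft ADDR...: prints an nftables ruleset that accepts
# OSPFv2 (IP protocol 89) only from the listed neighbours (hypothetical names).
ospf_allowlist_nft() {
    [ "$#" -gt 0 ] || { echo "need at least one neighbour" >&2; return 1; }
    elems=""
    for a in "$@"; do
        # Accept dotted-quad input only, so an argument cannot alter the ruleset.
        printf '%s' "$a" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
        elems="${elems:+$elems, }$a"
    done
    cat <<EOF
table inet ospf_guard {
    set neighbours { type ipv4_addr; elements = { $elems } }
    chain input {
        type filter hook input priority 0; policy accept;
        ip protocol 89 ip saddr @neighbours accept
        ip protocol 89 counter drop
    }
}
EOF
}

# Constructed sample inputs (documentation addresses, made-up hostname).
frr_affected "FRRouting 10.4.1 (r1) on Linux"
ospf_allowlist_nft 192.0.2.1 192.0.2.2
```

Review the printed ruleset before loading it with `nft -f`. Source addresses can be spoofed on a shared segment, so the filter reduces exposure but does not authenticate neighbours.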
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68ffd110ba6dffc5e20b749d
Added to database: 10/27/2025, 8:07:44 PM
Last enriched: 11/4/2025, 3:17:49 AM
Last updated: 12/10/2025, 3:29:48 PM