CVE-2025-61104 affects FRRouting (FRR), an open-source routing software suite widely used in network infrastructure for dynamic routing protocols including OSPF. The vulnerability arises from a NULL pointer dereference in the show_vty_unknown_tlv function located in the ospf_ext.c source file. This function processes OSPF TLVs (Type-Length-Value structures) and fails to properly validate or handle unexpected or malformed TLVs. An attacker can exploit this flaw by crafting a malicious OSPF packet containing a malformed TLV that triggers the NULL pointer dereference when processed by the vulnerable FRR version (4.0 through 10.4.1). The result is a denial of service condition where the routing process crashes or becomes unresponsive, disrupting routing operations. Since OSPF is a critical interior gateway protocol used to exchange routing information within an autonomous system, such disruption can lead to network outages or degraded performance. The vulnerability does not require authentication, but the attacker must be able to send OSPF packets to the target device, which typically implies network access to the routing domain or adjacency. No CVSS score has been assigned yet, and no public exploits are known at this time. However, the vulnerability's impact on availability and the relative ease of exploitation make it a significant threat to networks using FRRouting for OSPF routing.

For European organizations, especially ISPs, data centers, and enterprises relying on FRRouting for OSPF routing, this vulnerability poses a risk of network outages or degraded service availability. Disruption of OSPF routing can cause loss of connectivity between network segments, impacting business operations, cloud services, and critical infrastructure. In sectors such as telecommunications, finance, and government, where network reliability is paramount, exploitation could lead to significant operational and financial consequences. Additionally, denial of service conditions in routing infrastructure could be leveraged as part of broader multi-stage attacks or to facilitate lateral movement within networks. The absence of known exploits currently reduces immediate risk, but the potential for future exploitation remains. Organizations with large-scale or complex OSPF deployments are particularly vulnerable to cascading failures triggered by this flaw.

1. Monitor FRRouting project communications and security advisories for the release of patches addressing CVE-2025-61104 and apply updates promptly. 2. Until patches are available, implement network-level controls to restrict OSPF packet sources to trusted devices only, using ACLs or firewall rules to block unauthorized OSPF traffic. 3. Segment routing domains to limit exposure of vulnerable FRR instances to untrusted networks or external attackers. 4. Employ OSPF authentication mechanisms (e.g., MD5 or SHA-based authentication) to prevent unauthorized OSPF packet injection, reducing the attack surface. 5. Conduct network traffic analysis to detect anomalous or malformed OSPF packets that could indicate exploitation attempts. 6. Maintain robust network monitoring and incident response capabilities to quickly identify and mitigate denial of service conditions. 7. Review and harden router configurations to minimize unnecessary exposure of routing protocols to external or less trusted network segments.