CVE-2025-61105: n/a
CVE-2025-61105 is a denial of service vulnerability in FRRouting (FRR) versions 4.0 through 10.4.1 caused by a NULL pointer dereference in the show_vty_link_info function within ospf_ext.c. An attacker can exploit this flaw by sending a specially crafted OSPF packet, causing the affected router or network device to crash or become unresponsive. This vulnerability does not require authentication but does require network access to the OSPF protocol. No known exploits are currently reported in the wild. European organizations relying on FRRouting for OSPF routing face potential service disruption, impacting network availability and operational continuity. Mitigation involves promptly updating to a fixed FRR version once available or applying vendor patches, and implementing network-level filtering to restrict OSPF packet sources.
AI Analysis
Technical Summary
CVE-2025-61105 is a vulnerability identified in the FRRouting (FRR) software suite, specifically affecting versions from 4.0 through 10.4.1. The flaw resides in the show_vty_link_info function within the ospf_ext.c source file, where a NULL pointer dereference can occur. This happens when the function processes certain crafted OSPF (Open Shortest Path First) packets. OSPF is a widely used interior gateway routing protocol in many enterprise and service provider networks. The NULL pointer dereference leads to a crash of the FRR process handling OSPF, resulting in a denial of service (DoS) condition. Because FRRouting is often deployed on routers and network devices to manage routing protocols, this DoS can cause network outages or degraded performance. The vulnerability can be exploited remotely by an attacker who can send malicious OSPF packets to the vulnerable device, without requiring authentication or user interaction. No CVSS score has been assigned yet, and no public exploits have been reported, but the potential for disruption is significant due to the critical role of routing in network operations.
Potential Impact
For European organizations, the primary impact of CVE-2025-61105 is the potential loss of network availability due to router or network device crashes. This can disrupt internal communications, internet connectivity, and critical services relying on stable routing infrastructure. Telecommunications providers, data centers, and enterprises using FRRouting for OSPF routing are at risk of service outages, which could lead to operational downtime and financial losses. The disruption could also affect inter-organizational connectivity and cloud service access. Given the reliance on OSPF in many European networks, the vulnerability poses a risk to network stability and resilience, especially in sectors like finance, healthcare, and government where uptime is critical. While no data confidentiality or integrity breach is indicated, the availability impact alone can have cascading effects on business continuity.
Mitigation Recommendations
Organizations should monitor FRRouting vendor advisories for patches addressing CVE-2025-61105 and apply updates promptly once available. Until patches are released, network administrators should implement ingress and egress filtering to restrict OSPF packets to trusted sources only, minimizing exposure to crafted malicious packets. Deploying network segmentation to isolate routing devices and limiting OSPF adjacency to known neighbors can reduce attack surface. Monitoring OSPF traffic for anomalies and unusual packet patterns can help detect attempted exploitation. Additionally, consider deploying redundancy in routing infrastructure to maintain network availability if a device is impacted. Regularly review and update network device configurations to follow security best practices, including disabling unnecessary services and protocols. Finally, maintain incident response plans that include procedures for network device failures caused by DoS conditions.
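One way to support the source-filtering and traffic-monitoring recommendations above, as an added example that is not part of the original advisory or of FRR: a check that flags OSPF (IP protocol 89) packets arriving from outside an assumed neighbour allowlist or carrying inconsistent OSPFv2 header fields. The neighbour addresses, function names and sample packets are constructed for illustration; the check is generic header hygiene, since the advisory does not describe the specific malformed field.

```python
import ipaddress
import struct

OSPF_PROTO = 89      # IP protocol number assigned to OSPF
OSPF_HDR_LEN = 24    # fixed OSPFv2 header length (RFC 2328)
# Assumed allowlist of legitimate OSPF neighbours (documentation addresses).
TRUSTED_NEIGHBORS = {ipaddress.IPv4Address("192.0.2.1"),
                     ipaddress.IPv4Address("192.0.2.2")}

def audit_ospf_packet(ip_packet: bytes, trusted=TRUSTED_NEIGHBORS):
    """Return findings for one raw IPv4 packet; [] means clean or not OSPF."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return []
    if ip_packet[9] != OSPF_PROTO:
        return []
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(ip_packet):
        return ["bad-ip-header-length"]
    findings = []
    src = ipaddress.IPv4Address(ip_packet[12:16])
    if src not in trusted:
        findings.append(f"untrusted-source:{src}")
    payload = ip_packet[ihl:]
    if len(payload) < OSPF_HDR_LEN:
        findings.append("truncated-ospf-header")
        return findings
    version, ptype, length = struct.unpack("!BBH", payload[:4])
    if version != 2:
        findings.append(f"unexpected-version:{version}")
    if not 1 <= ptype <= 5:          # Hello, DBD, LSR, LSU, LSAck
        findings.append(f"unknown-type:{ptype}")
    if length < OSPF_HDR_LEN or length > len(payload):
        findings.append(f"bad-length:{length}")
    return findings

def build_sample(src, version=2, ptype=1, length=44, body_len=20) -> bytes:
    """Constructed IPv4+OSPF packet for the demo (checksums left as zero)."""
    ospf = struct.pack("!BBH4s4sHH8s", version, ptype, length,
                       ipaddress.IPv4Address("10.0.0.1").packed, bytes(4),
                       0, 0, bytes(8)) + bytes(body_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ospf), 0, 0, 1,
                     OSPF_PROTO, 0, ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address("224.0.0.5").packed)
    return ip + ospf

if __name__ == "__main__":
    for pkt in (build_sample("192.0.2.1"), build_sample("198.51.100.7"),
                build_sample("192.0.2.2", length=200)):
        print(audit_ospf_packet(pkt) or "ok")
```

Fed from a capture on the routing interface, non-empty findings are candidates for alerting; the allowlist should mirror the neighbours permitted by the ingress filter.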
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68ffca08ba6dffc5e20a0007
Added to database: 10/27/2025, 7:37:44 PM
Last enriched: 10/27/2025, 7:53:03 PM
Last updated: 10/27/2025, 9:49:03 PM