CVE-2025-61107 is a vulnerability identified in the FRRouting (FRR) software suite, specifically affecting versions from 4.0 up to 10.4.1. The flaw exists in the show_vty_ext_pref_pref_sid function located in the ospf_ext.c source file, where a NULL pointer dereference can be triggered. This occurs when processing a crafted OSPF (Open Shortest Path First) LSA (Link State Advertisement) Update packet. OSPF is a widely used interior gateway routing protocol in IP networks, and FRRouting is a popular open-source routing software used in many network devices and environments. The NULL pointer dereference leads to a crash of the FRRouting daemon, causing a denial of service (DoS) condition by disrupting routing operations. Exploitation does not require authentication but does require the attacker to send malicious OSPF packets, which implies network-level access or the ability to inject OSPF traffic. No public exploits have been reported yet, and no official patches or CVSS scores have been published at the time of disclosure. The vulnerability affects network availability and could lead to routing outages or instability, impacting network reliability and potentially causing cascading failures in dependent systems.

For European organizations, the impact of CVE-2025-61107 can be significant, especially for those relying on FRRouting in critical network infrastructure such as ISPs, data centers, cloud providers, and large enterprises with complex routing needs. A successful attack could cause network outages, interrupting business operations, degrading service quality, and potentially causing financial and reputational damage. The disruption of routing services can affect internal communications, internet connectivity, and inter-network data flows. In sectors like finance, healthcare, and government, where network availability is crucial, this vulnerability could lead to operational paralysis or compromise service-level agreements. Additionally, the downtime caused by the DoS could be exploited as a diversion for other attacks. The lack of authentication requirement increases the risk, as attackers with network access can trigger the vulnerability without needing privileged credentials.

To mitigate CVE-2025-61107, organizations should prioritize updating FRRouting to a version that includes a fix once it is released by the maintainers. Until a patch is available, network administrators should implement strict filtering of OSPF packets, allowing only trusted sources to send OSPF updates. This can be achieved by configuring access control lists (ACLs) or firewall rules on routers and switches to block unauthorized OSPF traffic. Monitoring network devices for unexpected crashes or restarts can help detect exploitation attempts early. Network segmentation can limit the exposure of routing devices to untrusted networks. Additionally, employing anomaly detection systems to identify unusual OSPF packet patterns may provide early warning signs of exploitation attempts. Regular backups of router configurations and having a recovery plan in place will help minimize downtime if an attack occurs.