CVE-2025-65411: n/a
A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.
AI Analysis
Technical Summary
CVE-2025-65411 is a vulnerability identified in GNU Unrtf version 0.21.10, specifically within the src/path.c source file. The issue is a NULL pointer dereference triggered when processing the search_path parameter. This occurs because the software fails to properly validate or handle certain crafted inputs, leading to an attempt to dereference a NULL pointer. The consequence is a Denial of Service (DoS) condition, where the application crashes or terminates unexpectedly, disrupting normal operations. The vulnerability can be exploited remotely without requiring any privileges or user interaction, making it accessible to unauthenticated attackers. The CVSS v3.1 base score of 7.5 reflects the network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, but a high impact on availability. Although no public exploits are currently known, the vulnerability represents a significant risk to systems relying on GNU Unrtf for document conversion or processing tasks. The root cause aligns with CWE-476 (NULL Pointer Dereference), a common programming error that can lead to application instability or crashes. No patches or fixes are currently linked, indicating the need for developers or users to apply custom mitigations or await official updates.
Potential Impact
For European organizations, the primary impact of CVE-2025-65411 is the potential disruption of services that depend on GNU Unrtf for converting or processing RTF documents. This could affect document management systems, automated workflows, or any backend processes that utilize Unrtf, leading to downtime or degraded service availability. Sectors such as government, finance, legal, and healthcare, which often handle large volumes of documents and may use open-source tools like Unrtf, could experience operational interruptions. Although the vulnerability does not compromise confidentiality or integrity, the denial of service could result in loss of productivity, delayed processing, and potential cascading effects on dependent systems. Additionally, if exploited in a targeted attack, it could serve as a vector for distraction or cover for other malicious activities. The lack of authentication or user interaction requirements increases the risk of widespread exploitation if the vulnerability becomes publicly known or weaponized.
Mitigation Recommendations
To mitigate CVE-2025-65411, organizations should first identify all instances of GNU Unrtf in their environments, especially version 0.21.10. Since no official patches are currently available, users should consider the following specific actions:
(1) Implement input validation and sanitization on the search_path parameter before it reaches Unrtf, blocking or filtering suspicious payloads that could trigger NULL dereferences.
(2) Employ application-level sandboxing or containerization to isolate Unrtf processes, limiting the impact of crashes on broader systems.
(3) Monitor logs and system behavior for abnormal terminations or crashes related to Unrtf usage to detect exploitation attempts early.
(4) Engage with the GNU Unrtf development community to track patch releases or contribute fixes addressing the NULL pointer dereference.
(5) Where feasible, replace or supplement Unrtf with alternative, actively maintained document conversion tools that do not exhibit this vulnerability.
(6) Incorporate network-level protections such as web application firewalls (WAFs) to detect and block crafted payloads targeting this vulnerability.
These measures go beyond generic advice by focusing on proactive input handling, isolation, monitoring, and community engagement.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 695450a4db813ff03e2be149
Added to database: 12/30/2025, 10:22:28 PM
Last enriched: 1/7/2026, 12:09:16 AM
Last updated: 4/6/2026, 7:02:59 AM