CVE-2025-0430
Published: 17 January 2025
Summary
CVE-2025-0430 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Cisa (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 19.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
Belledonne Communications Linphone-Desktop is affected by a NULL Dereference vulnerability tracked as CVE-2025-0430 and assigned CWE-476. The flaw can trigger a denial-of-service condition and carries a CVSS 4.0 score of 8.7 reflecting network attack vector, low attack complexity, and no required privileges or user interaction.
A remote unauthenticated attacker can send crafted input over the network to induce the NULL dereference, causing the application to crash and producing a denial-of-service state without further impact on confidentiality or integrity.
The issue is referenced in CISA advisory ICSA-25-014-04.
EPSS remains low, with a current value of 0.0139 and a peak of 0.0181.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1664
Vulnerability details
Belledonne Communications Linphone-Desktop is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
NULL dereference enables remote application crash via exploitation for endpoint DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires identification, reporting, and correction of flaws like this NULL dereference vulnerability to prevent remote DoS exploitation.
Provides specific protections against denial-of-service events triggered by remote exploitation of the NULL dereference flaw.
Mandates proper error handling to mitigate application crashes from null pointer dereferences caused by malicious network inputs.