CVE-2025-29310
Published: 24 March 2025
Summary
CVE-2025-29310 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Opennetworking Onos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 38.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Mandates validation of untrusted LLDP packet inputs to directly prevent deserialization of malicious payloads leading to arbitrary command execution.
Requires timely identification and remediation of the specific deserialization flaw in ONOS v2.7.0 through patching or upgrades.
Enforces network boundaries to filter or block crafted LLDP packets before they reach the vulnerable deserialization component.
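The input-validation control above can be illustrated with strict structural checks on an LLDPDU before any further decoding. This is an added example, not ONOS code and not a reproduction of the flaw. `validate_lldpdu`, `tlv`, `MAX_TLVS` and the sample frames are assumptions constructed here; the TLV layout and mandatory-TLV order follow IEEE 802.1AB.

```python
"""Strict structural check for an LLDPDU (the payload after EtherType 0x88CC).
Added illustration only; it is not ONOS code and does not model the ONOS flaw."""
import struct

END, CHASSIS_ID, PORT_ID, TTL = 0, 1, 2, 3
MAX_TLVS = 64  # assumed local policy cap, not taken from the standard

# Allowed information-string lengths for the mandatory TLVs (IEEE 802.1AB).
LENGTH_RULES = {END: (0, 0), CHASSIS_ID: (2, 256), PORT_ID: (2, 256), TTL: (2, 2)}


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type and 9-bit length packed into two bytes."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def validate_lldpdu(payload: bytes) -> list[tuple[int, bytes]]:
    """Return the (type, value) list, or raise ValueError on any malformation."""
    tlvs, offset = [], 0
    while True:
        if len(tlvs) >= MAX_TLVS:
            raise ValueError("too many TLVs")
        if offset + 2 > len(payload):
            raise ValueError("truncated TLV header or missing End of LLDPDU")
        (header,) = struct.unpack_from("!H", payload, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(payload):
            raise ValueError(f"TLV type {tlv_type} length {length} overruns frame")
        low, high = LENGTH_RULES.get(tlv_type, (0, 511))
        if not low <= length <= high:
            raise ValueError(f"TLV type {tlv_type} has invalid length {length}")
        position = len(tlvs)
        if position < 3 and tlv_type != (CHASSIS_ID, PORT_ID, TTL)[position]:
            raise ValueError("mandatory TLVs missing or out of order")
        if position >= 3 and tlv_type in (CHASSIS_ID, PORT_ID, TTL):
            raise ValueError(f"duplicate mandatory TLV type {tlv_type}")
        if tlv_type == END:
            return tlvs  # bytes after End of LLDPDU are Ethernet padding
        tlvs.append((tlv_type, payload[offset:offset + length]))
        offset += length


# Constructed sample LLDPDUs (not captured traffic).
GOOD = (tlv(CHASSIS_ID, b"\x04\x00\x11\x22\x33\x44\x55") + tlv(PORT_ID, b"\x05eth1")
        + tlv(TTL, b"\x00\x78") + tlv(END, b""))
OVERRUN = GOOD[:-2] + struct.pack("!H", (127 << 9) | 400) + b"\x00" * 8
```

Frames that fail these checks should be dropped and logged before they reach any object-building or deserialization step; passing them does not by itself make the later decoding safe.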
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The deserialization flaw in ONOS enables remote exploitation of a network-accessible application (T1190) via malicious LLDP packets, directly resulting in arbitrary command execution (T1059).
NVD Description
An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information.
Deeper analysis
CVE-2025-29310 is a critical deserialization vulnerability (CWE-502) affecting ONOS version 2.7.0, published on 2025-03-24. The flaw arises from inadequate handling of crafted Link Layer Discovery Protocol (LLDP) packets, enabling a packet deserialization issue that compromises the software's integrity.
Remote attackers require no privileges or user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 9.8) and can exploit it by supplying a malicious LLDP packet over the network. Successful exploitation allows arbitrary command execution or unauthorized access to network information.
For mitigation details, refer to the advisory at https://gist.github.com/Saber-Berserker/10c9d548b38fa988310d90b8314e3129.
Details
- CWE(s)