Cyber Resilience

CVE-2025-29312

CriticalPublic PoC

Published: 24 March 2025

Published
24 March 2025
Modified
01 April 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0020 42.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-29312 is a critical-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Opennetworking Onos. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Denial of Service (T1498); ranked at the 42.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-29312 is a vulnerability in ONOS version 2.7.0, an open-source SDN controller. The issue, classified under CWE-670 (Always-Incorrect Control Flow Implementation), enables attackers to trigger unexpected behavior within a device connected to a legacy switch. This occurs by changing the link type from indirect to direct, potentially disrupting normal network operations. The vulnerability received a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating critical severity due to high impacts on integrity and availability with no confidentiality impact.

Remote attackers require no privileges, user interaction, or special conditions beyond network access to exploit this vulnerability, making it highly accessible with low attack complexity. Successful exploitation allows attackers to alter link configurations in the SDN environment, leading to unexpected behavior in connected devices on legacy switches. This can result in significant integrity violations, such as incorrect data routing or state changes, and availability disruptions, potentially causing service outages or misconfigurations in the controlled network.

References for CVE-2025-29312 point to a GitHub Gist at https://gist.github.com/Saber-Berserker/4e54c2aa70abab2b133ce2c2b7e91249, which provides additional details on the issue. No specific patch or mitigation guidance is detailed in the provided information.

EU & UK References

Vulnerability details

An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1498 Network Denial of Service Impact
Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users.
T1565.002 Transmitted Data Manipulation Impact
Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Vulnerability enables remote unauth alteration of SDN link configurations, facilitating network service outages (T1498) and incorrect data routing/state changes (T1565.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-29311Same product: Opennetworking Onos
CVE-2025-29310Same product: Opennetworking Onos
CVE-2025-43359Shared CWE-670
CVE-2026-40960Shared CWE-670
CVE-2026-1874Shared CWE-670
CVE-2026-40200Shared CWE-670
CVE-2026-40719Shared CWE-670
CVE-2026-33011Shared CWE-670
CVE-2026-35414Shared CWE-670
CVE-2025-58136Shared CWE-670

Affected Assets

opennetworking
onos
2.7.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the specific flaw in ONOS v2.7.0 that causes always-incorrect control flow when changing link types from indirect to direct.

prevent

Validates inputs to SDN controller functions handling link type changes to block invalid transitions that trigger unexpected behavior.

prevent

Monitors and controls network communications to SDN controller interfaces, preventing unauthorized remote access required to exploit the link type manipulation.

References