CVE-2025-29312

CriticalPublic PoC

Published: 24 March 2025

Published

24 March 2025

Modified

01 April 2025

KEV Added

—

Patch

—

CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Score 0.0020 42.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-29312 is a critical-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Opennetworking Onos. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Denial of Service (T1498); ranked at the 42.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Denial of Service (T1498) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the specific flaw in ONOS v2.7.0 that causes always-incorrect control flow when changing link types from indirect to direct.

SI-10 Information Input Validation good match

prevent

Validates inputs to SDN controller functions handling link type changes to block invalid transitions that trigger unexpected behavior.

SC-7 Boundary Protection partial match

prevent

Monitors and controls network communications to SDN controller interfaces, preventing unauthorized remote access required to exploit the link type manipulation.

MITRE ATT&CK Enterprise TechniquesAI

T1498 Network Denial of Service Impact

Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users.

attack.mitre.org →

T1565.002 Transmitted Data Manipulation Impact

Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.

attack.mitre.org →

Why these techniques?

Vulnerability enables remote unauth alteration of SDN link configurations, facilitating network service outages (T1498) and incorrect data routing/state changes (T1565.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct.

Deeper analysisAI

CVE-2025-29312 is a vulnerability in ONOS version 2.7.0, an open-source SDN controller. The issue, classified under CWE-670 (Always-Incorrect Control Flow Implementation), enables attackers to trigger unexpected behavior within a device connected to a legacy switch. This occurs by changing the link type from indirect to direct, potentially disrupting normal network operations. The vulnerability received a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H), indicating critical severity due to high impacts on integrity and availability with no confidentiality impact.

Remote attackers require no privileges, user interaction, or special conditions beyond network access to exploit this vulnerability, making it highly accessible with low attack complexity. Successful exploitation allows attackers to alter link configurations in the SDN environment, leading to unexpected behavior in connected devices on legacy switches. This can result in significant integrity violations, such as incorrect data routing or state changes, and availability disruptions, potentially causing service outages or misconfigurations in the controlled network.

References for CVE-2025-29312 point to a GitHub Gist at https://gist.github.com/Saber-Berserker/4e54c2aa70abab2b133ce2c2b7e91249, which provides additional details on the issue. No specific patch or mitigation guidance is detailed in the provided information.