
CVE-2025-29313

High

Published: 24 March 2025

Modified: 15 April 2026
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0013 (33.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-29313 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Csdn (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 33.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).

Deeper analysis

CVE-2025-29313 is a vulnerability involving the use of an incorrectly resolved name or reference in the OpenDaylight Service Function Chaining (SFC) Subproject, specifically affecting SFC Sodium-SR4 and earlier versions. This flaw, classified under CWE-404, enables attackers to trigger a Denial of Service (DoS) condition. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, and lack of required privileges, with a high impact on availability but no effects on confidentiality or integrity. It was published on 2025-03-24.

Any remote attacker without authentication can exploit this vulnerability over the network with minimal effort. Successful exploitation leads to a DoS, disrupting service availability in affected OpenDaylight SFC deployments, potentially halting service function chaining operations.

For mitigation details, refer to the advisory at https://blog.csdn.net/weixin_43959580/article/details/146018191.

Vulnerability details

Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability allows remote unauthenticated exploitation of a public-facing service to trigger DoS via improper resource handling, directly mapping to application/system exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-1684 (shared CWE-404)
CVE-2026-1172 (shared CWE-404)
CVE-2026-1587 (shared CWE-404)
CVE-2025-22846 (shared CWE-404)
CVE-2026-1586 (shared CWE-404)
CVE-2026-1522 (shared CWE-404)
CVE-2026-1521 (shared CWE-404)
CVE-2024-57659 (shared CWE-404)
CVE-2026-4240 (shared CWE-404)
CVE-2024-55553 (shared CWE-404)

Affected Assets

Csdn
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly remediates the software flaw in OpenDaylight SFC Sodium-SR4 and below that causes DoS due to incorrectly resolved names or references.

Prevent: Protects against denial-of-service attacks by limiting the effects of exploits targeting this vulnerability's high availability impact.

Prevent: Ensures errors from incorrectly resolved names or references are handled without enabling or facilitating DoS conditions.
