CVE-2025-29313
Published: 24 March 2025
Summary
CVE-2025-29313 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Csdn (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 33.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).
Deeper analysis
CVE-2025-29313 is a vulnerability involving the use of an incorrectly resolved name or reference in the OpenDaylight Service Function Chaining (SFC) Subproject, specifically affecting SFC Sodium-SR4 and earlier versions. This flaw, classified under CWE-404, enables attackers to trigger a Denial of Service (DoS) condition. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, and lack of required privileges, with a high impact on availability but no effects on confidentiality or integrity. It was published on 2025-03-24.
Any remote attacker without authentication can exploit this vulnerability over the network with minimal effort. Successful exploitation leads to a DoS, disrupting service availability in affected OpenDaylight SFC deployments, potentially halting service function chaining operations.
For mitigation details, refer to the advisory at https://blog.csdn.net/weixin_43959580/article/details/146018191.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8014
Vulnerability details
Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS).
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote unauthenticated exploitation of a public-facing service to trigger DoS via improper resource handling, directly mapping to application/system exploitation for endpoint denial of service.
Mitigating Controls (NIST 800-53 r5)
Directly remediates the software flaw in OpenDaylight SFC Sodium-SR4 and below that causes DoS due to incorrectly resolved names or references.
Protects against denial-of-service attacks by limiting the effects of exploits targeting this vulnerability's high availability impact.
Ensures errors from incorrectly resolved names or references are handled without enabling or facilitating DoS conditions.