CVE-2025-61104
Published: 28 October 2025
Summary
CVE-2025-61104 is a high-severity NULL pointer dereference (CWE-476) vulnerability in FRRouting. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 49.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-36527
Vulnerability details
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The NULL pointer dereference in FRRouting's ospfd, triggered by a crafted OSPF packet containing an opaque LSA when packet debugging is enabled, allows remote attackers to crash the OSPF daemon, enabling endpoint denial of service via application exploitation.