CVE-2025-61105
Published: 27 October 2025
Summary
CVE-2025-61105 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in FRRouting. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 42.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-36350
Vulnerability details
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The NULL pointer dereference in FRRouting's ospfd daemon, triggered by a crafted OSPF packet when debug logging is enabled, allows remote denial of service by crashing the application, directly facilitating T1499.004 (Application or System Exploitation).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.