CVE-2025-61106
Published: 28 October 2025
Summary
CVE-2025-61106 is a high-severity NULL pointer dereference (CWE-476) vulnerability in FRRouting. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 49.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-36529
Vulnerability details
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The NULL pointer dereference in FRRouting's ospfd daemon, triggered by a crafted OSPF packet containing an opaque LSA when packet debugging is enabled, allows remote attackers to crash the OSPF service, enabling endpoint denial of service via application exploitation.
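The following is an added example, not part of the original record and not FRRouting code: a triage helper that checks a router against the two conditions stated above, the affected version range (v4.0 through v10.4.1) and OSPF packet debugging being enabled. The host names, version banners and config text are constructed samples, and matching on a `debug ospf packet` config line is an assumption about how the debug setting appears in the running configuration.

```python
import re

# Affected range as stated on this page: v4.0 through v10.4.1.
AFFECTED_MIN = (4, 0, 0)
AFFECTED_MAX = (10, 4, 1)

# Assumption: packet debugging appears in the running config as a line that
# starts with "debug ospf packet" (optionally with an instance number).
# Lines such as "no debug ospf packet ..." or "debug ospf6 ..." do not match.
DEBUG_RE = re.compile(r"^\s*debug ospf(?: \d+)? packet\b", re.MULTILINE)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return the first dotted version found in text as a 3-tuple, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def assess(version_text, running_config):
    """Classify one router: unknown, not-affected, affected or exposed."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable banner: needs manual review
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not-affected"
    if DEBUG_RE.search(running_config):
        return "exposed"  # affected build with packet debugging enabled
    return "affected"  # affected build, debug condition not found in config


def triage(fleet):
    """Map each host name to its classification."""
    return {host: assess(ver, cfg) for host, (ver, cfg) in fleet.items()}


# Constructed sample inventory (not real devices or real output).
SAMPLES = {
    "edge-1": ("FRRouting 10.4.1", "router ospf\ndebug ospf packet all detail\n"),
    "edge-2": ("FRRouting 9.1", "router ospf\n network 10.0.0.0/24 area 0\n"),
    "lab-1": ("FRRouting 3.0.4", "debug ospf packet all\n"),
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLES).items():
        print(f"{host}: {verdict}")
```

A host reported as `affected` still runs a build in the stated range; the label only means the debug condition described above was not found in the supplied configuration.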
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.