Denial of Service Vulnerability in FreeBSD IPFW Packet Filtering System
CVE-2025-14769

7.5HIGH

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 9 March 2026

What is CVE-2025-14769?

A potential Denial of Service (DoS) issue has been identified within the FreeBSD IPFW packet filtering system. This vulnerability arises when the tcp-setmss handler improperly manages packet data and may unwittingly allow incoming traffic after the packet data has been freed, leading to a NULL pointer dereference. Attackers can exploit this by sending specially crafted packets from a remote location, resulting in disruption of services on affected systems. Proper rule processing is essential to mitigate this risk.

Affected Version(s)

FreeBSD 14.3-RELEASE

FreeBSD 13.5-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-25:11....

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2026
Vulnerability Reserved
Dec 16, 2025

CVE-2025-14769 Data

JSON