Socket Connection Vulnerability in FreeBSD Network Stack
CVE-2025-24934
What is CVE-2025-24934?
A vulnerability has been identified in the FreeBSD kernel's handling of socket connections within load-balancing groups. When an application sets the SO_REUSEPORT_LB option on a socket and then connects it to a host, the connection shows no immediate observable issues. However, because the socket is a member of a load-balancing group, it accepts packets from any host rather than only from the host it is connected to. This deviates from the expected contract of a connected socket and can lead to spoofing attacks, because the kernel fails to verify the connection state of such sockets. Applications that rely on strict socket communication, where a connected socket only receives traffic from its peer, can have their security compromised.
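As an added illustration (not code from the advisory or from FreeBSD), the following C sketch shows an application-level check that does not depend on the kernel filtering a connected socket: it compares the source of each received datagram with the intended peer and drops anything else. It assumes a datagram socket; `make_v4`, `same_endpoint` and `recv_from_peer` are hypothetical names, and the addresses are constructed documentation-range values.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Build an IPv4 endpoint (helper for the demo; inputs are constructed). */
struct sockaddr_in make_v4(const char *ip, unsigned short port)
{
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

/* Return 1 only if family, address and port all match; fail closed otherwise. */
int same_endpoint(const struct sockaddr *from, const struct sockaddr *peer)
{
    if (from->sa_family != peer->sa_family)
        return 0;
    if (from->sa_family == AF_INET) {
        const struct sockaddr_in *a = (const void *)from, *b = (const void *)peer;
        return a->sin_port == b->sin_port && a->sin_addr.s_addr == b->sin_addr.s_addr;
    }
    if (from->sa_family == AF_INET6) {
        const struct sockaddr_in6 *a = (const void *)from, *b = (const void *)peer;
        return a->sin6_port == b->sin6_port &&
               memcmp(&a->sin6_addr, &b->sin6_addr, sizeof a->sin6_addr) == 0;
    }
    return 0; /* unknown address family: reject */
}

/* Receive one datagram; return its length, -1 on error, or -2 if the
 * source is not `peer` (the datagram is consumed and must be ignored). */
ssize_t recv_from_peer(int s, void *buf, size_t len, const struct sockaddr *peer)
{
    struct sockaddr_storage from;
    socklen_t fromlen = sizeof from;
    ssize_t n = recvfrom(s, buf, len, 0, (struct sockaddr *)&from, &fromlen);
    if (n < 0)
        return -1;
    return same_endpoint((struct sockaddr *)&from, peer) ? n : -2;
}

int main(void)
{
    struct sockaddr_in peer = make_v4("192.0.2.10", 5000), other = make_v4("198.51.100.7", 5000);
    return same_endpoint((void *)&other, (void *)&peer); /* 0: unexpected source rejected */
}
```

A source-address check of this kind only narrows what the application accepts; it does not authenticate the sender, so it complements rather than replaces a kernel fix.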
Affected Version(s)
FreeBSD 15.0-BETA2
FreeBSD 14.3-RELEASE
FreeBSD 13.5-RELEASE
