NULL Pointer Dereference in FRRouting OSPF Function Affects Network Devices
CVE-2025-61102

7.5HIGH

Key Information:

Vendor: FRRouting
Status: FRRouting
Vendor: CVE Published:; 27 October 2025

What is CVE-2025-61102?

A vulnerability has been identified in FRRouting versions from 4.0 to 10.4.1, specifically within the 'show_vty_ext_link_adj_sid' function in ospf_ext.c. This flaw can be exploited by attackers through the transmission of specially crafted OSPF packets, resulting in a Denial of Service (DoS) condition. Implementing this exploit may disrupt network services, emphasizing the need for timely updates and preventive measures.

References

https://github.com/FRRouting/frr/pull/19480

https://github.com/FRRouting/frr/issues/19471

https://github.com/FRRouting/frr/pull/19480/commits/fdd95...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2025
Vulnerability Reserved
Sep 26, 2025

JSON