NULL Pointer Dereference Vulnerability in FRRouting Product by FRRouting
CVE-2025-61104

7.5HIGH

Key Information:

Vendor: FRRouting
Status: FRRouting
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-61104?

A vulnerability has been identified in FRRouting versions from 4.0 to 10.4.1, allowing attackers to exploit a NULL pointer dereference within the 'show_vty_unknown_tlv' function located in ospf_ext.c. This weakness can be triggered through specially crafted OSPF packets, leading to Denial of Service (DoS) conditions, impacting the availability of the service.

References

https://github.com/FRRouting/frr/pull/19480

https://github.com/FRRouting/frr/issues/19471

https://github.com/FRRouting/frr/pull/19480/commits/fdd95...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Sep 26, 2025

JSON