NULL Pointer Dereference in FRRouting Affects OSPF Functionality
CVE-2025-61106

7.5HIGH

Key Information:

Vendor: FRRouting
Status: FRRouting
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-61106?

A vulnerability exists in the FRRouting software from versions 4.0 to 10.4.1 due to a NULL pointer dereference in the show_vty_ext_pref_pref_sid function within ospf_ext.c. Attackers can exploit this flaw by sending specially crafted OSPF packets, potentially leading to a Denial of Service (DoS) condition, disrupting network operations.

References

https://github.com/FRRouting/frr/pull/19480

https://github.com/FRRouting/frr/issues/19471

https://github.com/FRRouting/frr/pull/19480/commits/fdd95...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Sep 26, 2025

JSON