Denial of Service Vulnerability in FRRouting from Various Versions
CVE-2025-61107

7.5HIGH

Key Information:

Vendor: FRRouting
Status: FRRouting
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-61107?

A vulnerability in FRRouting versions 4.0 to 10.4.1 involves a NULL pointer dereference triggered by the show_vty_ext_pref_pref_sid function in ospf_ext.c. This flaw can enable attackers to launch a Denial of Service (DoS) by sending a specially crafted LSA Update packet, potentially disrupting network operations.

References

https://github.com/FRRouting/frr/pull/19480

https://github.com/FRRouting/frr/issues/19471

https://github.com/FRRouting/frr/pull/19480/commits/fdd95...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Sep 26, 2025

JSON