Out-of-Bounds Read in osrg GoBGP Affecting Multiple Versions
CVE-2025-7464

6.3 MEDIUM

Key Information:

Vendor: Osrg

Status
Vendor
CVE Published: 12 July 2025

What is CVE-2025-7464?

A vulnerability has been identified in osrg GoBGP: the function SplitRTR, located in the file pkg/packet/rtr/rtr.go, is susceptible to an out-of-bounds read. The flaw can be exploited remotely, which poses significant risks to users. The complexity of executing the attack is high, which may deter some threat actors. To mitigate this risk, apply the recommended patch, commit e748f43496d74946d14fed85c776452e47b99d64.

Affected Version(s)

GoBGP 3.0

GoBGP 3.1

GoBGP 3.2

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CyberGym (VulDB User)