CVE-2025-61107

Published: Oct 28, 2025Modified: Oct 31, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.

Affected (1)

Products: Frrouting: Frrouting

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Frrouting Frrouting	From 4.0 to 10.4.1

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (4)

https://github.com/FRRouting/frr/issues/19471

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/FRRouting/frr/pull/19480

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3

Source: cve@mitre.org

Patch

https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61107.md

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.