{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-61100", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-10-28T17:08:10.960Z", "dateReserved": "2025-09-26T00:00:00.000Z", "datePublished": "2025-10-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-10-27T18:57:14.881Z"}, "descriptions": [{"lang": "en", "value": "FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/19480"}, {"url": "https://github.com/FRRouting/frr/issues/19471"}, {"url": "https://github.com/FRRouting/frr/pull/19480/commits/cda5ddac0940562d1dca7cbef34d0ce5b00f160b"}, {"url": "https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61100.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-28T17:07:06.368971Z", "id": "CVE-2025-61100", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-28T17:08:10.960Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-61100", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-28T17:07:06.368971Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-28T17:07:59.346Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/FRRouting/frr/pull/19480"}, {"url": "https://github.com/FRRouting/frr/issues/19471"}, {"url": "https://github.com/FRRouting/frr/pull/19480/commits/cda5ddac0940562d1dca7cbef34d0ce5b00f160b"}, {"url": "https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61100.md"}], "descriptions": [{"lang": "en", "value": "FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-10-27T18:57:14.881Z"}}}, "cveMetadata": {"cveId": "CVE-2025-61100", "state": "PUBLISHED", "dateUpdated": "2025-10-28T17:08:10.960Z", "dateReserved": "2025-09-26T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-10-27T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED1CF39B-BF18-4F9D-B29B-020CDAED494A", "versionEndIncluding": "10.4.1", "versionStartIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions."}], "id": "CVE-2025-61100", "lastModified": "2025-11-03T18:02:25.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-10-27T19:16:05.060", "references": [{"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/FRRouting/frr/issues/19471"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/FRRouting/frr/pull/19480"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/FRRouting/frr/pull/19480/commits/cda5ddac0940562d1dca7cbef34d0ce5b00f160b"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61100.md"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "frr: FRRouting: NULL Pointer Dereference in FRRouting", "id": "2406616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406616"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.", "A NULL pointer dereference vulnerability was found in FRRouting within the ospf_opaque_lsa_dump function within ospf_opaque.c. When the OSPF daemon (ospfd) has the debug command debug ospf packet all send/recv detail enabled, it attempts to dump detailed information for received or sent OSPF packets. Under specific malformed LSA conditions, the function may dereference a NULL pointer, leading to a crash of the OSPF process and resulting in a Denial of Service (DoS)."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-61100", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-10-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-61100\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61100\nhttps://github.com/FRRouting/frr/issues/19471\nhttps://github.com/FRRouting/frr/pull/19480\nhttps://github.com/FRRouting/frr/pull/19480/commits/cda5ddac0940562d1dca7cbef34d0ce5b00f160b\nhttps://github.com/s1awwhy/BugList/blob/main/CVE-2025-61100.md"], "statement": "This issue is rated Moderate rather than Important because it depends on a very specific and non-default runtime condition for exploitation. The vulnerable code path is only reachable when OSPF detailed packet debugging (debug ospf packet all send/recv detail) is explicitly enabled, which is typically used for temporary diagnostic purposes and not in production environments. In normal operation, the affected function is not invoked, thereby significantly reducing exposure. Furthermore, the flaw leads solely to a NULL pointer dereference, causing a crash of the ospfd process without memory corruption or control-flow hijacking potential.", "threat_severity": "Moderate"}