CVE-2025-61100

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
frroutingfrrouting
2.0 ≤
𝑥
≤ 10.4.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
frr
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
vulnerable
forky
vulnerable
sid
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
frr
questing
deferred
plucky
deferred
noble
deferred
jammy
deferred
focal
deferred
quagga
questing
dne
plucky
dne
noble
dne
jammy
dne
focal
deferred
bionic
deferred
xenial
deferred
Common Weakness Enumeration
References
https://github.com/FRRouting/frr/issues/19471
https://github.com/FRRouting/frr/pull/19480
https://github.com/FRRouting/frr/pull/19480/commits/cda5ddac0940562d1dca7cbef34d0ce5b00f160b
https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61100.md