CVE-2025-21705

5.5 MEDIUM

📋 TL;DR

This vulnerability in the Linux kernel's MPTCP (Multipath TCP) implementation allows data stream corruption when handling TCP Fast Open connection errors. The issue occurs when disconnect() is called internally during Fast Open failures, leading to improper socket state management. Systems using Linux kernels with MPTCP enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution, but include kernels around 6.13.0-rc2 and earlier with MPTCP support)
Operating Systems: Linux distributions with MPTCP enabled
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if MPTCP is enabled and TCP Fast Open is being used. Many distributions don't enable MPTCP by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Data corruption in MPTCP connections leading to application crashes, denial of service, or potential information disclosure through corrupted data streams.

🟠

Likely Case

MPTCP connection failures or crashes when TCP Fast Open encounters errors, causing service disruption for applications using MPTCP.

🟢

If Mitigated

Minor performance impact or connection retries when MPTCP Fast Open fails, with proper error handling preventing crashes.

🌐 Internet-Facing: MEDIUM - Requires MPTCP usage and TCP Fast Open errors, which are specific conditions but could affect web servers and network services.
🏢 Internal Only: LOW - Primarily affects systems using MPTCP features, which are less common in internal-only deployments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific TCP Fast Open error conditions on MPTCP connections. Discovered via syzkaller fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 0263fb2e7b7b88075a5d86e74c4384ee4400828d, 619af16b3b57a3a4ee50b9a30add9ff155541e71, 6ec806762318a4adde0ea63342d42d0feae95079, 73e268b4be27b36ae68ea10755cb003f43b38884, 84ac44d9fed3a56440971cbd7600a02b70b5b32a

Vendor Advisory: https://git.kernel.org/stable/c/0263fb2e7b7b88075a5d86e74c4384ee4400828d

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check with your distribution for available kernel updates.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable MPTCP

linux

Disable MPTCP support if not required

echo 'net.mptcp.enabled = 0' >> /etc/sysctl.conf
sysctl -p

Disable TCP Fast Open

linux

Disable TCP Fast Open feature

echo 'net.ipv4.tcp_fastopen = 0' >> /etc/sysctl.conf
sysctl -p

🧯 If You Can't Patch

  • Disable MPTCP via sysctl if not required for your applications
  • Implement network monitoring for MPTCP connection failures and restart affected services

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if MPTCP is enabled: 'uname -r' and 'sysctl net.mptcp.enabled'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or is newer than vulnerable versions. Check with 'uname -r' and compare with distribution's patched versions.

📡 Detection & Monitoring

Log Indicators:

  • Kernel warnings mentioning '__mptcp_clean_una' or MPTCP protocol errors
  • Application logs showing MPTCP connection failures

Network Indicators:

  • Unexpected MPTCP connection resets or failures
  • TCP Fast Open connection attempts failing

SIEM Query:

source="kernel" AND ("__mptcp_clean_una" OR "MPTCP" OR "fastopen")
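
The exposure conditions from the Notes and How to Verify sections and the log indicators above can be combined into one host check. This is an added example, not part of the original advisory; the function names, verdict labels, the ` kernel: ` syslog tag and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are illustrative.

# read_sysctl NAME: value from /proc/sys, or "absent" when the key does not exist.
read_sysctl() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; else echo absent; fi
}

# classify_exposure MPTCP TFO: maps the two sysctl values to the page's conditions.
classify_exposure() {
    case "$1" in
        absent) echo "no-mptcp"; return 0 ;;        # kernel exposes no MPTCP sysctl
        0)      echo "mptcp-disabled"; return 0 ;;  # first workaround in place
    esac
    case "$2" in
        0) echo "tfo-disabled" ;;                   # second workaround in place
        *) echo "verify-kernel-patch" ;;            # both preconditions present
    esac
}

# triage_log: reads syslog-style lines on stdin and counts kernel lines only.
# high = names __mptcp_clean_una; low = other MPTCP/fastopen mentions.
triage_log() {
    awk '
        !/ kernel: / { next }
        { l = tolower($0) }
        l ~ /__mptcp_clean_una/ { high++; next }
        l ~ /mptcp|fastopen/    { low++ }
        END { printf "high=%d low=%d\n", high, low }'
}

# Constructed sample lines (not captured from a real host).
sample_log() {
    cat <<'EOF'
Jan 10 10:00:01 host1 kernel: WARNING: CPU: 1 PID: 4242 at net/mptcp/protocol.c __mptcp_clean_una+0x10/0x20
Jan 10 10:00:01 host1 kernel: Call Trace:
Jan 10 10:00:02 host1 kernel: MPTCP: constructed protocol error line
Jan 10 10:00:03 host1 sshd[100]: fastopen mentioned by a non-kernel process
Jan 10 10:00:04 host1 kernel: eth0: link up
EOF
}

m=$(read_sysctl net.mptcp.enabled)
t=$(read_sysctl net.ipv4.tcp_fastopen)
echo "kernel=$(uname -r) mptcp=$m tcp_fastopen=$t verdict=$(classify_exposure "$m" "$t")"
echo "sample log: $(sample_log | triage_log)"
```

A `verify-kernel-patch` verdict only means both preconditions are present; whether the running kernel carries the fix commits still has to be confirmed against the distribution's patched versions.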
