CVE-2025-61099

7.5 HIGH

📋 TL;DR

A NULL pointer dereference vulnerability in FRRouting's OSPF implementation allows attackers to crash the frr daemon via specially crafted LS Update packets, causing denial of service. This affects all systems running FRRouting versions 2.0 through 10.4.1 with OSPF enabled.

💻 Affected Systems

Products:
  • FRRouting (frr)
Versions: v2.0 through v10.4.1
Operating Systems: Linux-based systems running FRRouting
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if OSPF is enabled and configured. Systems without OSPF enabled are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete disruption of routing services leading to network outages and loss of connectivity for all routes handled by the affected router.

🟠 Likely Case

frr daemon crash requiring manual restart, causing temporary routing disruption until service is restored.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and recovery.

🌐 Internet-Facing: MEDIUM - Requires OSPF adjacency with attacker, but OSPF is typically used internally rather than internet-facing.
🏢 Internal Only: HIGH - OSPF is commonly used in internal networks, and any internal attacker with OSPF adjacency could exploit this.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires OSPF adjacency with the target router. The vulnerability is triggered by a crafted LS Update packet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v10.4.2 and later

Vendor Advisory: https://github.com/FRRouting/frr/issues/19471

Restart Required: Yes

Instructions:

1. Upgrade FRRouting to version 10.4.2 or later.
2. Stop frr service.
3. Install updated package.
4. Restart frr service.

🔧 Temporary Workarounds

Disable OSPF

linux

Temporarily disable OSPF routing protocol if not required

vtysh -c 'configure terminal' -c 'no router ospf' -c 'end' -c 'write memory'

OSPF Authentication

linux

Enable OSPF MD5 authentication to prevent unauthorized adjacency

vtysh -c 'configure terminal' -c 'router ospf' -c 'area 0 authentication message-digest' -c 'interface eth0' -c 'ip ospf message-digest-key 1 md5 yourpassword' -c 'end' -c 'write memory'

🧯 If You Can't Patch

  • Implement strict network segmentation to limit OSPF adjacency to trusted routers only
  • Deploy network monitoring to detect abnormal OSPF traffic patterns and potential exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the FRRouting version with 'frr --version' or "vtysh -c 'show version'" and verify whether it is between 2.0 and 10.4.1

Check Version:

frr --version

Verify Fix Applied:

Verify version is 10.4.2 or later and test OSPF functionality remains operational
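
Added example (not from the FRRouting project or the original advisory): a shell check that applies the affected range stated above (2.0 through 10.4.1) together with the OSPF-enabled condition to version and running-config text. The function names are hypothetical, and it assumes the FRRouting version is the first dotted number in the 'show version' output.

```shell
#!/bin/sh
# Added example (not FRRouting project code). Classifies a host against the
# range this page states: affected 2.0 through 10.4.1, fixed in 10.4.2,
# and only when an OSPF instance is configured.

# First dotted numeric version in the text; "-dev" style suffixes are dropped.
frr_extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# ver_le A B: succeed when A <= B, compared numerically field by field.
ver_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Succeed when the config has a "router ospf" instance, the one the page's
# workaround targets. Assumption: "router ospf6" (OSPFv3) is out of scope.
ospf_configured() {
    printf '%s\n' "$1" | grep -Eq '^router ospf( |$)'
}

# $1: version text, $2: running-config text.
# Prints affected | ospf-not-configured | not-in-range | unknown.
frr_cve_2025_61099_status() {
    v=$(frr_extract_version "$1")
    if [ -z "$v" ]; then echo unknown
    elif ! { ver_le 2.0 "$v" && ver_le "$v" 10.4.1; }; then echo not-in-range
    elif ospf_configured "$2"; then echo affected
    else echo ospf-not-configured
    fi
}

# Live use on a router (version command as given on this page):
#   frr_cve_2025_61099_status "$(vtysh -c 'show version')" \
#                             "$(vtysh -c 'show running-config')"
```

A distribution package can carry a backported fix under an older version number, so confirm against the package changelog before treating a host as affected.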

📡 Detection & Monitoring

Log Indicators:

  • frr daemon crash logs
  • OSPF process termination messages
  • Segmentation fault errors in syslog

Network Indicators:

  • Unusual OSPF LS Update packets
  • OSPF adjacency flapping
  • Routing table inconsistencies

SIEM Query:

source="frr.log" AND ("segmentation fault" OR "NULL pointer" OR "ospf_opaque.c")
