CVE-2025-61101 – CVE-2025-61101 is a NULL pointer dereference vu... (How to Fix)

Q: What is the severity of CVE-2025-61101?

CVE-2025-61101 has a CVSS score of 7.5 (HIGH). CVE-2025-61101 is a NULL pointer dereference vulnerability in FRRouting/frr that allows attackers to cause a Denial of Service (DoS) by sending a specially crafted OSPF packet. This affects FRRouting installations from version 4.0 through 10.4.1 that have OSPF enabled. Network administrators using FRRouting for routing protocols are impacted.

📋 TL;DR

CVE-2025-61101 is a NULL pointer dereference vulnerability in FRRouting/frr that allows attackers to cause a Denial of Service (DoS) by sending a specially crafted OSPF packet. This affects FRRouting installations from version 4.0 through 10.4.1 that have OSPF enabled. Network administrators using FRRouting for routing protocols are impacted.

💻 Affected Systems

Products:

FRRouting (frr)

Versions: v4.0 through v10.4.1

Operating Systems: Linux, FreeBSD, Other Unix-like systems running FRRouting

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if OSPF protocol is enabled and configured. Systems without OSPF enabled are not affected.

📦 What is this software?

Frrouting by Frrouting

View all CVEs affecting Frrouting →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of FRRouting daemon, causing routing table corruption and network outages across affected segments.

🟠

Likely Case

FRRouting daemon crash requiring manual restart, temporary routing instability until service is restored.

🟢

If Mitigated

Isolated daemon restart with minimal impact if proper monitoring and redundancy are in place.

🌐 Internet-Facing: MEDIUM - Requires OSPF adjacency with attacker, but OSPF is often used on internal networks rather than internet-facing interfaces.

🏢 Internal Only: HIGH - OSPF is commonly used in internal networks, and any internal attacker with network access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending a crafted OSPF packet to a vulnerable FRRouting instance with OSPF enabled. No authentication is required once network access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v10.4.2 and later, or apply commit fdd957408605d4a1766225630aafc7e6b7c3daf3

Vendor Advisory: https://github.com/FRRouting/frr/issues/19471

Restart Required: Yes

Instructions:

1. Update FRRouting to version 10.4.2 or later using your package manager. 2. Alternatively, apply the patch from GitHub commit fdd957408605d4a1766225630aafc7e6b7c3daf3. 3. Restart the FRRouting service after patching.

🔧 Temporary Workarounds

Disable OSPF Protocol

linux

Temporarily disable OSPF routing protocol if not required for network operations.

router ospf
no router ospf

Restrict OSPF Adjacencies

linux

Configure OSPF to only form adjacencies with trusted neighbors using authentication and access lists.

ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 yourpassword
access-list 1 permit trusted_neighbor_ip

🧯 If You Can't Patch

Implement network segmentation to isolate OSPF traffic to trusted segments only.
Deploy intrusion detection systems to monitor for anomalous OSPF packets and alert on potential exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check FRRouting version and verify OSPF is enabled: 'show version' and 'show running-config | include router ospf'

Check Version:

frr --version || vtysh -c 'show version'

Verify Fix Applied:

Verify FRRouting version is 10.4.2 or later: 'show version' should report version >= 10.4.2

📡 Detection & Monitoring

Log Indicators:

FRRouting daemon crash logs
OSPF protocol errors in syslog
Unexpected FRRouting service restarts

Network Indicators:

Malformed OSPF packets detected by IDS/IPS
Unusual OSPF packet patterns from untrusted sources

SIEM Query:

source="frr" AND ("crash" OR "segfault" OR "OSPF error")

📊 Metadata

CVE ID: CVE-2025-61101

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.08% exploit probability (23.8th percentile)

Published: October 27, 2025

Last Updated: November 3, 2025

🔗 References

https://github.com/FRRouting/frr/issues/19471 Exploit,Issue Tracking,Third Party Advisory
https://github.com/FRRouting/frr/pull/19480 Issue Tracking,Third Party Advisory
https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3 Patch
https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61101.md Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-61101, you might also want to check these: