CVE-2025-61910

7.5 HIGH

📋 TL;DR

This vulnerability in NASA's ION-DTN software allows an attacker to cause a denial-of-service (DoS) by sending a specially crafted BPv7 bundle with a malformed extension block, leading to uncontrolled memory allocation and termination of the receiver thread. It affects systems running ION-DTN 4.1.3s for Delay/Disruption Tolerant Networking, potentially disrupting critical communications in space or remote environments.

💻 Affected Systems

Products:
  • NASA Interplanetary Overlay Network (ION-DTN)
Versions: ION-DTN 4.1.3s
Operating Systems: Linux, Unix-like systems where ION-DTN is deployed
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is present in the default configuration when processing BPv7 bundles; no specific settings are required to be vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete DoS of the ION-DTN service, halting all bundle processing and disrupting network communications, which could impact mission-critical operations in space or remote scenarios.

🟠 Likely Case

Service disruption due to receiver thread termination, causing temporary unavailability until the service is restarted, with potential data loss or delays in bundle forwarding.

🟢 If Mitigated

Limited impact if network segmentation or input validation controls are in place, but still risks isolated DoS if the malicious bundle reaches the vulnerable system.

🌐 Internet-Facing: MEDIUM, as exploitation requires sending a crafted bundle to the vulnerable service, but exposure depends on whether the service is publicly accessible; risk is higher if directly internet-facing.
🏢 Internal Only: MEDIUM, as internal attackers or compromised nodes could exploit this to disrupt DTN communications within a network, affecting reliability and availability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward as it involves sending a malformed bundle without authentication; weaponization is likely due to the simplicity and DoS impact, though no public proof-of-concept is confirmed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: https://github.com/nasa-jpl/ION-DTN/security/advisories/GHSA-xm96-38vj-h28h

Restart Required: Yes

Instructions:

As of publication, no official patch exists. Monitor the vendor advisory for updates and apply any future patches promptly. If a patch is released, update to the fixed version and restart the ION-DTN service.

🔧 Temporary Workarounds

Input Validation and Filtering

Platform: Linux

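Implement network-level filtering or application-layer validation to block or sanitize BPv7 bundles with malformed extension blocks, particularly those matching the byte pattern listed under Network Indicators. A fixed byte signature matches only that exact sequence when it falls within a single packet, so treat the filter as a stopgap.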

# Example: Use iptables or similar to drop packets containing the malicious pattern (adjust as needed)
# iptables -A INPUT -p tcp --dport <ION_PORT> -m string --hex-string '|85070201005bbb0e20b4ea001a000927c0|' --algo bm -j DROP
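
An added example, not ION's code or the advisory's: a non-allocating bounds check of the kind the application-layer validation above calls for. Read as CBOR (RFC 8949), the byte pattern quoted on this page is a five-item array whose last item is a byte string with an 8-byte declared length far larger than the bytes that follow; the check rejects such a length before anything is allocated. `MAX_BLOCK_DATA`, the function names and `GOOD_BLOCK` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_BLOCK_DATA 65536u /* assumed local policy cap, not an ION setting */
/* Byte pattern quoted on this page, and a constructed well-formed block. */
const uint8_t PAGE_PATTERN[] = {0x85,0x07,0x02,0x01,0x00,0x5b,0xbb,0x0e,0x20,
                                0xb4,0xea,0x00,0x1a,0x00,0x09,0x27,0xc0};
const uint8_t GOOD_BLOCK[] = {0x85,0x07,0x02,0x01,0x00,0x45,0x1a,0x00,0x09,0x27,0xc0};

/* Decode one definite-length CBOR head (RFC 8949). Returns bytes used, 0 on error. */
static size_t cbor_head(const uint8_t *p, size_t n, unsigned *major, uint64_t *arg)
{
    if (n == 0) return 0;
    unsigned ai = p[0] & 0x1f;
    *major = p[0] >> 5;
    if (ai < 24) { *arg = ai; return 1; }
    if (ai > 27) return 0;                 /* reserved or indefinite length */
    size_t len = (size_t)1 << (ai - 24);   /* 1, 2, 4 or 8 argument bytes */
    if (n - 1 < len) return 0;
    *arg = 0;
    for (size_t i = 0; i < len; i++) *arg = (*arg << 8) | p[1 + i];
    return 1 + len;
}

/* Skip a byte string only if its declared length fits the cap and the buffer. */
static size_t skip_bstr(const uint8_t *p, size_t n)
{
    unsigned major; uint64_t len;
    size_t used = cbor_head(p, n, &major, &len);
    if (!used || major != 2 || len > MAX_BLOCK_DATA || len > n - used) return 0;
    return used + (size_t)len;
}

/* Walk one BPv7 canonical block (RFC 9171, 4.3.2); size in bytes, 0 if malformed. */
size_t bp7_block_len(const uint8_t *buf, size_t n)
{
    unsigned major; uint64_t items, arg = 0;
    size_t off = cbor_head(buf, n, &major, &items), used;
    if (!off || major != 4 || (items != 5 && items != 6)) return 0;
    for (int i = 0; i < 4; i++) {          /* type, number, flags, CRC type */
        used = cbor_head(buf + off, n - off, &major, &arg);
        if (!used || major != 0) return 0;
        off += used;
    }
    if ((arg == 0) != (items == 5)) return 0;  /* CRC field present iff CRC type != 0 */
    for (uint64_t i = 4; i < items; i++) {     /* data, then optional CRC (not verified) */
        if (!(used = skip_bstr(buf + off, n - off))) return 0;
        off += used;
    }
    return off;
}
```

The function returns the block's length so a caller can walk consecutive blocks; a return of 0 means the bundle should be dropped before any buffer is sized from its fields.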

Service Monitoring and Restart

Platform: Linux

Set up monitoring to detect service crashes and automate restarts to minimize downtime, though this does not prevent exploitation.

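# Example: Use systemd or cron to check and restart ION-DTN if it fails
# (assumes a locally defined ion-dtn.service unit; enable/start alone do not restart it after a crash,
#  so the unit also needs Restart=on-failure in its [Service] section)
# systemctl enable ion-dtn.service
# systemctl start ion-dtn.service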

🧯 If You Can't Patch

  • Isolate the ION-DTN service within a segmented network to limit exposure and reduce the attack surface from untrusted sources.
  • Implement rate limiting or traffic shaping on bundle ingestion to mitigate the impact of DoS attempts, though this may not fully block the specific exploit.

🔍 How to Verify

Check if Vulnerable:

Check if the system is running ION-DTN version 4.1.3s by examining the installed software or configuration files.

Check Version:

ionadmin -v  # or run the 'v' command at the ionadmin prompt, or check the software build logs and documentation for version info

Verify Fix Applied:

After applying any future patch, verify that the installed version is later than 4.1.3s and test that bundle processing works with safe, well-formed bundles.

📡 Detection & Monitoring

Log Indicators:

  • Log entries indicating receiver thread termination, memory allocation errors, or crashes in ION-DTN logs, such as 'MTAKE failed' or segmentation faults.

Network Indicators:

  • Network traffic containing BPv7 bundles with the specific malformed extension block pattern starting with 0x85070201005bbb0e20b4ea001a000927c0.

SIEM Query:

Example: 'source="ion-dtn.log" AND ("thread terminated" OR "memory allocation error" OR "MTAKE")'
