Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-61107 (GCVE-0-2025-61107)
Vulnerability from cvelistv5 – Published: 2025-10-28 00:00 – Updated: 2025-10-28 17:13
VLAI?
EPSS
Summary
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-28T17:10:25.377210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T17:13:29.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T14:29:30.670Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FRRouting/frr/pull/19480"
},
{
"url": "https://github.com/FRRouting/frr/issues/19471"
},
{
"url": "https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3"
},
{
"url": "https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61107.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-61107",
"datePublished": "2025-10-28T00:00:00.000Z",
"dateReserved": "2025-09-26T00:00:00.000Z",
"dateUpdated": "2025-10-28T17:13:29.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61107\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-10-28T15:16:13.243\",\"lastModified\":\"2025-10-31T18:46:51.943\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndIncluding\":\"10.4.1\",\"matchCriteriaId\":\"B41245C0-85A2-4A77-BF46-27F573E6F588\"}]}]}],\"references\":[{\"url\":\"https://github.com/FRRouting/frr/issues/19471\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FRRouting/frr/pull/19480\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61107.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61107\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-28T17:10:25.377210Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-28T17:13:15.565Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/FRRouting/frr/pull/19480\"}, {\"url\": \"https://github.com/FRRouting/frr/issues/19471\"}, {\"url\": \"https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3\"}, {\"url\": \"https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61107.md\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-10-28T14:29:30.670Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61107\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-28T17:13:29.381Z\", \"dateReserved\": \"2025-09-26T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-10-28T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0966
Vulnerability from certfr_avis - Published: 2025-11-05 - Updated: 2025-11-05
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 golang 1.22.7-5 | ||
| Microsoft | N/A | azl3 golang 1.23.12-1 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | azl3 moby-engine 25.0.3-13 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | azl3 kernel 6.6.104.2-4 | ||
| Microsoft | N/A | cbl2 msft-golang 1.24.8-1 | ||
| Microsoft | N/A | azl3 gh 2.62.0-9 | ||
| Microsoft | N/A | azl3 frr 9.1.1-3 | ||
| Microsoft | N/A | azl3 xorg-x11-server-Xwayland 24.1.6-2 versions antérieures à 24.1.6-3 | ||
| Microsoft | N/A | cbl2 libcontainers-common 20210626-7 | ||
| Microsoft | N/A | cbl2 moby-engine 24.0.9-18 | ||
| Microsoft | N/A | cbl2 frr 8.5.5-3 | ||
| Microsoft | N/A | azl3 containerized-data-importer 1.57.0-16 | ||
| Microsoft | N/A | azl3 skopeo 1.14.4-6 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | azl3 keras 3.3.3-4 versions antérieures à 3.3.3-5 | ||
| Microsoft | N/A | cbl2 gcc 11.2.0-8 | ||
| Microsoft | N/A | cbl2 keras 2.11.0-3 | ||
| Microsoft | N/A | azl3 golang 1.25.3-1 | ||
| Microsoft | N/A | cbl2 tensorflow 2.11.1-2 | ||
| Microsoft | N/A | azl3 keras 3.3.3-4 | ||
| Microsoft | N/A | azl3 gcc 13.2.0-7 | ||
| Microsoft | N/A | cbl2 cri-o 1.22.3-16 | ||
| Microsoft | N/A | cbl2 skopeo 1.14.2-12 | ||
| Microsoft | N/A | cbl2 containerized-data-importer 1.55.0-25 | ||
| Microsoft | N/A | cbl2 golang 1.18.8-10 | ||
| Microsoft | N/A | azl3 libcontainers-common 20240213-3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 golang 1.22.7-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.23.12-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 moby-engine 25.0.3-13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.104.2-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 msft-golang 1.24.8-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 gh 2.62.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 frr 9.1.1-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 xorg-x11-server-Xwayland 24.1.6-2 versions ant\u00e9rieures \u00e0 24.1.6-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libcontainers-common 20210626-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 moby-engine 24.0.9-18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 frr 8.5.5-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 containerized-data-importer 1.57.0-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 skopeo 1.14.4-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-4 versions ant\u00e9rieures \u00e0 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 gcc 11.2.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 keras 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.25.3-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 gcc 13.2.0-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 cri-o 1.22.3-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 skopeo 1.14.2-12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 containerized-data-importer 1.55.0-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 golang 1.18.8-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libcontainers-common 20240213-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-40100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40100"
},
{
"name": "CVE-2025-40103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40103"
},
{
"name": "CVE-2025-61102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61102"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-40092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
},
{
"name": "CVE-2025-61106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61106"
},
{
"name": "CVE-2025-61103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61103"
},
{
"name": "CVE-2025-62230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62230"
},
{
"name": "CVE-2025-40104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40104"
},
{
"name": "CVE-2025-40097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40097"
},
{
"name": "CVE-2025-40106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-40088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
},
{
"name": "CVE-2025-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61105"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-40084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40084"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-40095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40095"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-40105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
},
{
"name": "CVE-2025-62229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62229"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-40083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40083"
},
{
"name": "CVE-2025-62231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62231"
},
{
"name": "CVE-2025-40099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40099"
},
{
"name": "CVE-2025-12060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
},
{
"name": "CVE-2025-40102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40102"
},
{
"name": "CVE-2025-12058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12058"
},
{
"name": "CVE-2025-61101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61101"
},
{
"name": "CVE-2025-61107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61107"
},
{
"name": "CVE-2025-61100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61100"
},
{
"name": "CVE-2025-40096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
},
{
"name": "CVE-2025-61104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61104"
},
{
"name": "CVE-2025-40087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
}
],
"initial_release_date": "2025-11-05T00:00:00",
"last_revision_date": "2025-11-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0966",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58189",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58189"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40099",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40099"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40083",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40083"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58186",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58186"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61724",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61724"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61103",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61103"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12058",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12058"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40087",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40087"
},
{
"published_at": "2025-11-02",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61100",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61100"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61105",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61105"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62229",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62229"
},
{
"published_at": "2025-11-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40106",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40106"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62231",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62231"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61102",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61102"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40097",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40097"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40100",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40100"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40084",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40084"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58187",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58187"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40094",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40094"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61106",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61106"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40104",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40104"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40103",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40103"
},
{
"published_at": "2025-11-02",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61104",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61104"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40085",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40085"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47912",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47912"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40092",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40092"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40105",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40105"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40096",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40096"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61107",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61107"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40088",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40088"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58183",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58183"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61725",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61725"
},
{
"published_at": "2025-11-02",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61101",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61101"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61723",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61723"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40102",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40102"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40095",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40095"
},
{
"published_at": "2025-11-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12060",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12060"
},
{
"published_at": "2025-11-02",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62230"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58185",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58185"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58188",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58188"
}
]
}
CERTFR-2025-AVI-0966
Vulnerability from certfr_avis - Published: 2025-11-05 - Updated: 2025-11-05
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 golang 1.22.7-5 | ||
| Microsoft | N/A | azl3 golang 1.23.12-1 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | azl3 moby-engine 25.0.3-13 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | azl3 kernel 6.6.104.2-4 | ||
| Microsoft | N/A | cbl2 msft-golang 1.24.8-1 | ||
| Microsoft | N/A | azl3 gh 2.62.0-9 | ||
| Microsoft | N/A | azl3 frr 9.1.1-3 | ||
| Microsoft | N/A | azl3 xorg-x11-server-Xwayland 24.1.6-2 versions antérieures à 24.1.6-3 | ||
| Microsoft | N/A | cbl2 libcontainers-common 20210626-7 | ||
| Microsoft | N/A | cbl2 moby-engine 24.0.9-18 | ||
| Microsoft | N/A | cbl2 frr 8.5.5-3 | ||
| Microsoft | N/A | azl3 containerized-data-importer 1.57.0-16 | ||
| Microsoft | N/A | azl3 skopeo 1.14.4-6 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | azl3 keras 3.3.3-4 versions antérieures à 3.3.3-5 | ||
| Microsoft | N/A | cbl2 gcc 11.2.0-8 | ||
| Microsoft | N/A | cbl2 keras 2.11.0-3 | ||
| Microsoft | N/A | azl3 golang 1.25.3-1 | ||
| Microsoft | N/A | cbl2 tensorflow 2.11.1-2 | ||
| Microsoft | N/A | azl3 keras 3.3.3-4 | ||
| Microsoft | N/A | azl3 gcc 13.2.0-7 | ||
| Microsoft | N/A | cbl2 cri-o 1.22.3-16 | ||
| Microsoft | N/A | cbl2 skopeo 1.14.2-12 | ||
| Microsoft | N/A | cbl2 containerized-data-importer 1.55.0-25 | ||
| Microsoft | N/A | cbl2 golang 1.18.8-10 | ||
| Microsoft | N/A | azl3 libcontainers-common 20240213-3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 golang 1.22.7-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.23.12-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 moby-engine 25.0.3-13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.104.2-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 msft-golang 1.24.8-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 gh 2.62.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 frr 9.1.1-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 xorg-x11-server-Xwayland 24.1.6-2 versions ant\u00e9rieures \u00e0 24.1.6-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libcontainers-common 20210626-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 moby-engine 24.0.9-18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 frr 8.5.5-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 containerized-data-importer 1.57.0-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 skopeo 1.14.4-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-4 versions ant\u00e9rieures \u00e0 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 gcc 11.2.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 keras 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.25.3-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 gcc 13.2.0-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 cri-o 1.22.3-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 skopeo 1.14.2-12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 containerized-data-importer 1.55.0-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 golang 1.18.8-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libcontainers-common 20240213-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-40100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40100"
},
{
"name": "CVE-2025-40103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40103"
},
{
"name": "CVE-2025-61102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61102"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2025-40092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
},
{
"name": "CVE-2025-61106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61106"
},
{
"name": "CVE-2025-61103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61103"
},
{
"name": "CVE-2025-62230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62230"
},
{
"name": "CVE-2025-40104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40104"
},
{
"name": "CVE-2025-40097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40097"
},
{
"name": "CVE-2025-40106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-40088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
},
{
"name": "CVE-2025-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61105"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-40084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40084"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2025-40095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40095"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-40105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
},
{
"name": "CVE-2025-62229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62229"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-40083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40083"
},
{
"name": "CVE-2025-62231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62231"
},
{
"name": "CVE-2025-40099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40099"
},
{
"name": "CVE-2025-12060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
},
{
"name": "CVE-2025-40102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40102"
},
{
"name": "CVE-2025-12058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12058"
},
{
"name": "CVE-2025-61101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61101"
},
{
"name": "CVE-2025-61107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61107"
},
{
"name": "CVE-2025-61100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61100"
},
{
"name": "CVE-2025-40096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
},
{
"name": "CVE-2025-61104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61104"
},
{
"name": "CVE-2025-40087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
}
],
"initial_release_date": "2025-11-05T00:00:00",
"last_revision_date": "2025-11-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0966",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58189",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58189"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40099",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40099"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40083",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40083"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58186",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58186"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61724",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61724"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61103",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61103"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12058",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12058"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40087",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40087"
},
{
"published_at": "2025-11-02",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61100",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61100"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61105",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61105"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62229",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62229"
},
{
"published_at": "2025-11-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40106",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40106"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62231",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62231"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61102",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61102"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40097",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40097"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40100",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40100"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40084",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40084"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58187",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58187"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40094",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40094"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61106",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61106"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40104",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40104"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40103",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40103"
},
{
"published_at": "2025-11-02",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61104",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61104"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40085",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40085"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-47912",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47912"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40092",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40092"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40105",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40105"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40096",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40096"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61107",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61107"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40088",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40088"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58183",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58183"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61725",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61725"
},
{
"published_at": "2025-11-02",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61101",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61101"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61723",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61723"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40102",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40102"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40095",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40095"
},
{
"published_at": "2025-11-01",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12060",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12060"
},
{
"published_at": "2025-11-02",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62230"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58185",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58185"
},
{
"published_at": "2025-10-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58188",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58188"
}
]
}
MSRC_CVE-2025-61107
Vulnerability from csaf_microsoft - Published: 2025-10-02 00:00 - Updated: 2025-10-31 01:11Summary
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61107 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-61107.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.",
"tracking": {
"current_release_date": "2025-10-31T01:11:07.000Z",
"generator": {
"date": "2025-11-04T20:08:19.279Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-61107",
"initial_release_date": "2025-10-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-10-31T01:11:07.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 frr 9.1.1-3",
"product": {
"name": "azl3 frr 9.1.1-3",
"product_id": "2"
}
},
{
"category": "product_version_range",
"name": "cbl2 frr 8.5.5-3",
"product": {
"name": "cbl2 frr 8.5.5-3",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "frr"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 frr 9.1.1-3 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 frr 8.5.5-3 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61107",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61107 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-61107.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2025-10-31T01:11:07.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-2"
]
},
{
"category": "none_available",
"date": "2025-10-31T01:11:07.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-2",
"17086-1"
]
}
],
"title": "FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet."
}
]
}
GHSA-35MH-V24C-MJW6
Vulnerability from github – Published: 2025-10-28 15:30 – Updated: 2025-10-28 18:30
VLAI?
Details
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2025-61107"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-28T15:16:13Z",
"severity": "HIGH"
},
"details": "FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.",
"id": "GHSA-35mh-v24c-mjw6",
"modified": "2025-10-28T18:30:28Z",
"published": "2025-10-28T15:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61107"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/issues/19471"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/19480"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3"
},
{
"type": "WEB",
"url": "https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61107.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2025-61107
Vulnerability from fkie_nvd - Published: 2025-10-28 15:16 - Updated: 2025-10-31 18:46
Severity ?
Summary
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/FRRouting/frr/issues/19471 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/FRRouting/frr/pull/19480 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3 | Patch | |
| cve@mitre.org | https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61107.md | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B41245C0-85A2-4A77-BF46-27F573E6F588",
"versionEndIncluding": "10.4.1",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet."
},
{
"lang": "es",
"value": "FRRouting/frr desde v4.0 hasta v10.4.1 se descubri\u00f3 que conten\u00eda una desreferencia de puntero NULL a trav\u00e9s de la funci\u00f3n show_vty_ext_pref_pref_sid en ospf_ext.c. Esta vulnerabilidad permite a los atacantes causar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un paquete de actualizaci\u00f3n LSA manipulado."
}
],
"id": "CVE-2025-61107",
"lastModified": "2025-10-31T18:46:51.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-10-28T15:16:13.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/FRRouting/frr/issues/19471"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/FRRouting/frr/pull/19480"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/s1awwhy/BugList/blob/main/CVE-2025-61107.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…