CVE-2025-0638

HIGH

Routinator - Use After Free

Title source: llm

Description

The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator.

References (1)

[Various Sources] https://www.nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt

Scores

CVSS v3 7.5

EPSS 0.0010

EPSS Percentile 27.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1286

Status published

Products (1)

NLnet Labs/Routinator 0.14.1

Published Jan 22, 2025

Tracked Since Feb 18, 2026