CVE-2025-0638

HIGH

Routinator - Use After Free

Title source: llm

Description

The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator.

References (1)

[Various Sources] https://www.nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt

Scores

CVSS v3 7.5

EPSS 0.0010

EPSS Percentile 28.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-1286

Status draft

Timeline

Published Jan 22, 2025

Tracked Since Feb 18, 2026