CVE-2025-29313
Published: 24 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-29313 is a vulnerability involving the use of an incorrectly resolved name or reference in the OpenDaylight Service Function Chaining (SFC) Subproject, specifically affecting SFC Sodium-SR4 and earlier versions. This flaw, classified under CWE-404, enables attackers to trigger a Denial of Service (DoS) condition. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its network accessibility, low attack complexity, and lack of required privileges, with a high impact on availability but no effects on confidentiality or integrity. It was published on 2025-03-24.
A remote, unauthenticated attacker can exploit this vulnerability over the network with minimal effort. Successful exploitation causes a DoS that disrupts service availability in affected OpenDaylight SFC deployments and can halt service function chaining operations.
For mitigation details, refer to the advisory at https://blog.csdn.net/weixin_43959580/article/details/146018191.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote, unauthenticated exploitation of a public-facing service to trigger a DoS through improper resource handling, which maps directly to application or system exploitation for endpoint denial of service.