CVE-2025-7464 MEDIUM

CVE-2025-7464: osrg GoBGP rtr.go SplitRTR out-of-bounds

Vendor Osrg
Product GoBGP
Weakness CWE-125
Published July 12, 2025
Last update July 14, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01 Description

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. It affects the function SplitRTR in the file pkg/packet/rtr/rtr.go. The manipulation leads to an out-of-bounds read. The attack can be launched remotely. The complexity of an attack is rather high, and exploitation is reported to be difficult. The name of the patch is e748f43496d74946d14fed85c776452e47b99d64. Applying the patch is recommended to fix this issue.

Key dates

02 Disclosure timeline

July 12, 2025 CVE published
July 14, 2025 Record updated