CVE-2025-0638

{"id": "CVE-2025-0638", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-0638", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-22T16:15:35.504737Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "sep@nlnetlabs.nl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "affected": [{"source": "sep@nlnetlabs.nl", "affectedData": [{"vendor": "NLnet Labs", "product": "Routinator", "versions": [{"status": "unaffected", "version": "0.14.1", "lessThan": "*", "versionType": "semver"}], "defaultStatus": "affected"}]}], "published": "2025-01-22T16:15:29.977", "references": [{"url": "https://www.nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt", "source": "sep@nlnetlabs.nl"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "sep@nlnetlabs.nl", "description": [{"lang": "en", "value": "CWE-1286"}]}], "descriptions": [{"lang": "en", "value": "The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator."}, {"lang": "es", "value": "El c\u00f3digo inicial que analiza el manifiesto no verifica el contenido de los nombres de los archivos, pero el c\u00f3digo posterior asumi\u00f3 que estaba verificado y entr\u00f3 en p\u00e1nico al encontrar caracteres ilegales, lo que provoc\u00f3 un bloqueo de Routinator."}], "lastModified": "2026-06-17T08:26:53.137", "sourceIdentifier": "sep@nlnetlabs.nl"}