What is CVE-2025-7464?

CVE-2025-7464 is a low-severity vulnerability in Osrg Gobgp, classified under Out-of-bounds Read. CVSS score: 3.7/10. Published 2025-07-12.

How severe is CVE-2025-7464?

Low severity. CVSS v3 base score is 3.7 out of 10.

Out-of-bounds Read in Osrg Gobgp

CVE-2025-7464

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack rem…

Vulnerability class: Buffer Overflow

EPSS: 0.003 (54.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C.

Affected products

Osrg Gobgp — versions 3.0, 3.1, 3.2

Weakness classification (CWE)

References

VDB-316116 | osrg GoBGP rtr.go SplitRTR out-of-bounds (vdb-entry, technical-description)
VDB-316116 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
Submit #610193 | NTT Open Source GoBGP defe9ac1b1f1c854d1941a5b70dee3aaed6fb960 Out-of-Bounds Read (third-party-advisory)
github.com/osrg/gobgp/commit/e748f43496d74946d14fed85c776452e47b99d64 (patch)

Frequently asked questions

What is CVE-2025-7464?: CVE-2025-7464 is a low-severity vulnerability in Osrg Gobgp, classified under Out-of-bounds Read. CVSS score: 3.7/10. Published 2025-07-12.
How severe is CVE-2025-7464?: Low severity. CVSS v3 base score is 3.7 out of 10.