{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-0638","assignerOrgId":"206fc3a0-e175-490b-9eaa-a5738056c9f6","state":"PUBLISHED","assignerShortName":"NLnet Labs","dateReserved":"2025-01-22T11:07:17.929Z","datePublished":"2025-01-22T15:48:44.796Z","dateUpdated":"2025-02-12T20:41:23.525Z"},"containers":{"cna":{"title":"Routinator crashes when illegal characters are present in manifest file names","datePublic":"2025-01-22T00:00:00.000Z","affected":[{"vendor":"NLnet Labs","product":"Routinator","versions":[{"version":"0.14.1","status":"unaffected","lessThan":"*","versionType":"semver"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator."}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-1286","description":"CWE-1286: Improper Validation of Syntactic Correctness of Input","type":"CWE"}]}],"solutions":[{"lang":"en","value":"This issue is fixed in 0.14.1 and all later versions."}],"timeline":[{"time":"2024-12-20T00:00:00.000Z","lang":"en","value":"Issue reported"},{"time":"2025-01-22T00:00:00.000Z","lang":"en","value":"Fixes released"}],"credits":[{"lang":"en","value":"Haya Schulmann, Niklas Vogel; Goethe University Frankfurt/ATHENE Center","type":"finder"}],"references":[{"url":"https://www.nlnetlabs.nl/downloads/routinator/CVE-2025-0638.txt","tags":["vendor-advisory"]}],"providerMetadata":{"orgId":"206fc3a0-e175-490b-9eaa-a5738056c9f6","shortName":"NLnet Labs","dateUpdated":"2025-01-22T15:48:44.796Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-0638","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-01-22T16:15:35.504737Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-12T20:41:23.525Z"}}]}}