CVE-2025-29310

9.8

Critical

Published:24 Mar 2025

Last updated:17 Jun 2026

Source:cve@mitre.org

Analyzed

Weakness (CWE)

CWE-502Deserialization of Untrusted Data

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information.

References

cve@mitre.org

https://gist.github.com/Saber-Berserker/10c9d548b38fa988310d90b8314e3129.