CVE-2025-43972

CVE Details

Visit the official vulnerability details page for CVE-2025-43972 to learn more.

Initial Publication

04/22/2025

Last Update

08/12/2025

Third Party Dependency

github.com/osrg/gobgp/v3

NIST CVE Summary

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

CVE Severity

7.5

Our Official Summary

By sending fewer than 20 bytes of data under specific conditions, an attacker can trigger an application crash. This vulnerability may result in a denial of service, affecting the availability of the BGP service and potentially disrupting network operations.

The risk of exploitation is considered low, as it requires both knowledge of the configuration and privileged access to the containers. Additionally, the impact is limited due to containerization, which restricts the attack surface. Upstream patches addressing these issues are available and will be adopted to remediate the vulnerabilities.

Status

Ongoing

Affected Products & Versions

Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap
4.7.8 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted
4.6.41 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted

Revision History

Date | Revision
08/12/2025 | Official summary revised: By sending fewer than 20 bytes of data under specific conditions, an attacker can trigger an application crash. This vulnerability may result in a denial of service, affecting the availability of the BGP service and potentially disrupting network operations. The risk of exploitation is considered low, as it requires both knowledge of the configuration and privileged access to the containers. Additionally, the impact is limited due to containerization, which restricts the attack surface. Upstream patches addressing these issues are available and will be adopted to remediate the vulnerabilities.
05/20/2025 | Status changed from Open to Ongoing
05/15/2025 | Advisory severity revised to HIGH from