{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14769", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "state": "PUBLISHED", "assignerShortName": "freebsd", "dateReserved": "2025-12-16T02:00:18.446Z", "datePublished": "2026-03-09T11:34:52.386Z", "dateUpdated": "2026-03-09T13:30:18.204Z"}, "containers": {"cna": {"datePublic": "2025-12-17T02:00:00.000Z", "title": "ipfw denial of service", "references": [{"tags": ["vendor-advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:11.ipfw.asc"}], "affected": [{"defaultStatus": "unknown", "modules": ["ipfw"], "product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"lessThan": "p7", "status": "affected", "version": "14.3-RELEASE", "versionType": "release"}, {"lessThan": "p8", "status": "affected", "version": "13.5-RELEASE", "versionType": "release"}]}], "descriptions": [{"lang": "en", "value": "In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference.\n\nMaliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2026-03-09T11:34:52.386Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T13:29:55.593430Z", "id": "CVE-2025-14769", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T13:30:18.204Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-14769", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T13:29:55.593430Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T13:29:47.428Z"}}], "cna": {"title": "ipfw denial of service", "affected": [{"vendor": "FreeBSD", "modules": ["ipfw"], "product": "FreeBSD", "versions": [{"status": "affected", "version": "14.3-RELEASE", "lessThan": "p7", "versionType": "release"}, {"status": "affected", "version": "13.5-RELEASE", "lessThan": "p8", "versionType": "release"}], "defaultStatus": "unknown"}], "datePublic": "2025-12-17T02:00:00.000Z", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:11.ipfw.asc", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference.\n\nMaliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd", "dateUpdated": "2026-03-09T11:34:52.386Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14769", "state": "PUBLISHED", "dateUpdated": "2026-03-09T13:30:18.204Z", "dateReserved": "2025-12-16T02:00:18.446Z", "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "datePublished": "2026-03-09T11:34:52.386Z", "assignerShortName": "freebsd"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:13.5:-:*:*:*:*:*:*", "matchCriteriaId": "947F561E-AD65-43B9-94C1-3109A3D35248", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p1:*:*:*:*:*:*", "matchCriteriaId": "3D1987F1-1E08-4B28-8D16-D25A091D99ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p2:*:*:*:*:*:*", "matchCriteriaId": "BEC1E8A0-0402-45F1-938D-FEFDCFC3E747", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p3:*:*:*:*:*:*", "matchCriteriaId": "D94457D6-738F-4ABB-BD46-F2B621531FE2", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p4:*:*:*:*:*:*", "matchCriteriaId": "8C38CB56-B80C-4D1B-9267-16E8F985B170", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p5:*:*:*:*:*:*", "matchCriteriaId": "13DF1E38-5E8D-42FF-A4C5-092300864F3E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p6:*:*:*:*:*:*", "matchCriteriaId": "83A86F81-0965-4600-835A-496756137998", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:13.5:p7:*:*:*:*:*:*", "matchCriteriaId": "987E31A4-7E21-471E-A3EA-4E53FFDB3DFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.3:-:*:*:*:*:*:*", "matchCriteriaId": "9DC7C54E-58AF-4ADE-84AF-0EF0F325E20E", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p1:*:*:*:*:*:*", "matchCriteriaId": "D3D22B8C-36CF-4800-9673-0B0240558BDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p2:*:*:*:*:*:*", "matchCriteriaId": "242FA2A8-5D7D-4617-A411-2651FF3A3E4C", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p3:*:*:*:*:*:*", "matchCriteriaId": "40573F60-F3B7-4AEC-846A-B08E5B7D9D00", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p4:*:*:*:*:*:*", "matchCriteriaId": "1FB832CE-0A98-44A2-8BAC-CD38A64279B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p5:*:*:*:*:*:*", "matchCriteriaId": "9A785F8E-C218-41AE-8D57-BF06DDAEF7CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:14.3:p6:*:*:*:*:*:*", "matchCriteriaId": "C3909FDD-B2A2-45B6-A40B-1D303A717F15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference.\n\nMaliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass."}, {"lang": "es", "value": "En algunos casos, el gestor `tcp-setmss` puede liberar los datos del paquete y lanzar un error sin detener el motor de procesamiento de reglas. Una regla posterior puede entonces permitir el tr\u00e1fico despu\u00e9s de que los datos del paquete hayan desaparecido, lo que resulta en una desreferencia de puntero NULL.\n\nPaquetes creados maliciosamente enviados desde un host remoto pueden resultar en una Denegaci\u00f3n de Servicio (DoS) si se utiliza la directiva `tcp-setmss` y una regla posterior permitir\u00eda el paso del tr\u00e1fico."}], "id": "CVE-2025-14769", "lastModified": "2026-03-17T15:55:19.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-09T12:16:11.280", "references": [{"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://security.freebsd.org/advisories/FreeBSD-SA-25:11.ipfw.asc"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "secteam@freebsd.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[14.3-RELEASE,p7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[13.5-RELEASE,p8)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FreeBSD", "source": "cna", "vendor": "FreeBSD"}, "product": "freebsd", "vendor": "freebsd"}], "created": "2026-03-10T14:07:29.519276+00:00", "updated": "2026-03-10T14:07:29.519380+00:00", "vendors": ["freebsd", "freebsd$PRODUCT$freebsd"]}