CVE-2025-10948 | MikroTik RouterOS 7 libjson.so /rest/ip/address/print parse_json_element buffer overflow

Inserito da Angelo Barbosa | Set 25, 2025 | CVE

A vulnerability identified as critical has been detected in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow.

This vulnerability is uniquely identified as CVE-2025-10948. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10948 | MikroTik RouterOS 7 libjson.so /rest/ip/address/print parse_json_element buffer overflow

Post correlati

CVE-2023-33062 | Qualcomm QCA8386 WLAN Firmware denial of service

CVE-2025-49760 | Microsoft Windows up to Server 2025 Storage file inclusion

CVE-2025-40924 | HAARG Catalyst::Plugin::Session up to 0.43 on Perl rand generation of predictable numbers or identifiers

CVE-2025-24438 | Adobe Commerce cross site scripting (apsb25-08)