CVE-2025-6443— Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-6443
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of remote IP addresses when processing VXLAN traffic. The issue results from the lack of validation of the remote IP address against configured values prior to allowing ingress traffic into the internal network. An attacker can leverage this vulnerability to gain access to internal network resources. Was ZDI-CAN-26415.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
MikroTik RouterOS 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MikroTik RouterOS是拉脱维亚MikroTik公司的一套基于Linux开发的路由器操作系统。该系统可部署在PC中,使其提供路由器功能。 MikroTik RouterOS存在访问控制错误漏洞,该漏洞源于处理VXLAN流量时未验证远程IP地址,可能导致绕过访问限制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-6443
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-6443
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: RouterOS
- CVE-2025-42611
Improper certificate validation in multiple RouterOS service - CVE-2026-7668
MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out- - CVE-2025-10948
MikroTik RouterOS libjson.so print parse_json_element buffer - CVE-2025-6563
Cross-site scripting via dst parameter in RouterOS WiFi hots - CVE-2023-32154
Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Exec
Same vendor: Mikrotik
- CVE-2025-42611
Improper certificate validation in multiple RouterOS service - CVE-2026-7668
MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out- - CVE-2025-10948
MikroTik RouterOS libjson.so print parse_json_element buffer - CVE-2025-6563
Cross-site scripting via dst parameter in RouterOS WiFi hots - CVE-2023-32154
Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Exec
Same weakness: CWE-284
- CVE-2026-8233
Dotouch XproUPF access control - CVE-2026-42569
phpvms: /importer authorization bypass causing full database - CVE-2026-42205
Avo: Broken Access Control: Unauthorized Execution of Arbitr - CVE-2026-41487
Langfuse: Improper role-based-access control in Langfuse LLM - CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets
V. Comments for CVE-2025-6443
No comments yet