CVE-2025-14769
NULL Pointer Dereference in FreeBSD tcp-setmss Causes DoS

Publication date: 2026-03-09

Last updated on: 2026-03-17

Assigner: FreeBSD

Description
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass.
Meta Information
Published: 2026-03-09
Last Modified: 2026-03-17
Generated: 2026-06-16
AI Q&A: 2026-03-09
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 15 associated CPEs

| Vendor | Product | Version / Range | CPE entries |
|---|---|---|---|
| freebsd | freebsd | 13.5 | 8 |
| freebsd | freebsd | 14.3 | 7 |
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Executive Summary

CVE-2025-14769 is a denial of service (DoS) vulnerability in the FreeBSD ipfw firewall related to the `tcp-setmss` configuration directive.

The `tcp-setmss` handler may free the packet data and return an error without stopping the rule processing engine. This can cause a subsequent firewall rule to allow the now-invalid packet to pass, leading to a NULL pointer dereference and causing a system crash.

This vulnerability is triggered by maliciously crafted packets sent from a remote host when the `tcp-setmss` directive is used.

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) condition on affected FreeBSD systems using the ipfw firewall with the `tcp-setmss` directive.

An attacker can send specially crafted packets remotely that trigger a system crash by causing a NULL pointer dereference in the firewall processing.

Systems not using ipfw with the `tcp-setmss` directive are not impacted.

Compliance Impact

I don't know

Detection Guidance

There is no specific detection method or commands provided to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate CVE-2025-14769, you should upgrade to patched versions of FreeBSD stable or release branches dated after November and December 2025.

Apply updates either via binary patches using the freebsd-update utility on supported platforms (amd64, arm64, and i386 on FreeBSD 13) or by applying source code patches from the FreeBSD security website, then recompile the kernel and reboot the system.

If your system does not use ipfw with the `tcp-setmss` directive, it is not impacted by this vulnerability.
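To check whether a ruleset meets both conditions named above (a `tcp-setmss` rule and a later rule that allows traffic), the following added example, which is not part of the advisory or of FreeBSD, scans `ipfw list` output. The function name, the output wording and the sample ruleset are assumptions made for illustration, as is the expectation that the action keyword appears within the first few fields of each listed rule.

```shell
#!/bin/sh
# Added example: flags ipfw rulesets that meet both conditions in the
# advisory: a tcp-setmss rule, and a later rule that allows traffic.
# Assumption: input is `ipfw list` text, one rule per line, in evaluation
# order, with the rule number in field 1 and the action in fields 2-4.

# Reads a ruleset on stdin; prints one finding per tcp-setmss rule.
# Returns 1 if any tcp-setmss rule is followed by an allow rule, else 0.
check_tcp_setmss_exposure() {
    awk '
    function is_allow(   i) {
        # Action sits after the rule number (optionally after "prob N").
        for (i = 2; i <= NF && i <= 4; i++)
            if ($i ~ /^(allow|accept|pass|permit)$/) return 1
        return 0
    }
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    {
        has_mss = 0
        for (i = 2; i <= NF; i++) if ($i == "tcp-setmss") has_mss = 1
        if (has_mss) { pending[++n] = $1; next }
        if (is_allow() && n > 0) {
            # Conservative: any later allow rule counts, without checking
            # that it matches the same packets as the tcp-setmss rule.
            for (k = 1; k <= n; k++)
                printf "EXPOSED tcp-setmss rule %s, later allow rule %s\n", pending[k], $1
            exposed = 1; n = 0
        }
    }
    END {
        for (k = 1; k <= n; k++)
            printf "NO-ALLOW tcp-setmss rule %s has no later allow rule\n", pending[k]
        exit (exposed ? 1 : 0)
    }'
}

# Constructed sample ruleset (not taken from the advisory).
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 tcp-setmss 1400 tcp from any to any tcpflags syn
00300 allow tcp from any to me 22
65535 deny ip from any to any'

# Demo run on the constructed sample; on a live host, pipe `ipfw list` in.
printf '%s\n' "$SAMPLE_RULES" | check_tcp_setmss_exposure || true
```

A finding means the configuration matches the advisory's preconditions and the host should be prioritized for patching; it does not indicate that the host has been attacked.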
