Mikrotik · Mikrotik Routeros · CVE-2025-6443
Name of the Vulnerable Software and Affected Versions:
Mikrotik RouterOS (affected versions not specified)
Description:
This issue allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this issue. The specific flaw exists within the handling of remote IP addresses when processing VXLAN traffic, resulting from the lack of validation of the remote IP address against configured values prior to allowing ingress traffic into the internal network. An attacker can leverage this issue to gain access to internal network resources.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this issue.