CVE-2025-29311

Name of the Vulnerable Software and Affected Versions onos version 2.7.0

Description The issue is related to limited secret space in LLDP packets, which can be exploited by attackers to obtain the private key via a brute force attack. Attackers can leverage this to create crafted LLDP packets.

Recommendations For onos version 2.7.0, consider restricting access to LLDP packets until a patch is available. As a temporary workaround, limit the use of LLDP packets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.