CVE-2025-11017: 
Linux Debian vulnerability analysis and mitigation

A vulnerability was detected in OGRECave Ogre versions up to 14.4.1, identified as CVE-2025-11017. The vulnerability affects the function Ogre::LogManager::stream in the file /ogre/OgreMain/src/OgreLogManager.cpp. The issue was discovered and publicly disclosed on September 26, 2025 (NVD).

The vulnerability is a null pointer dereference issue that occurs when manipulating the argument mDefaultLog in the LogManager::stream function. The vulnerability has been assigned a CVSS v4.0 score of 4.8 (Medium) with vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P. The issue has been classified under CWE-476 (NULL Pointer Dereference) and CWE-404 (Improper Resource Shutdown or Release) (NVD).

The vulnerability can lead to a program crash through null pointer dereference when the mDefaultLog pointer is not properly initialized or assigned. The impact is primarily on availability, with no direct effects on confidentiality or integrity (GitHub Issue).

The vulnerability affects multiple versions of OGRECave Ogre up to version 14.4.1. Users should update to a patched version when available. Currently, there is no specific patch version mentioned in the available sources (Debian Security).