Vulnerability DatabaseCVE-2025-12200

CVE-2025-12200:
dnsmasq vulnerability analysis and mitigation

Overview

CVE-2025-12200 was initially reported as a vulnerability in dnsmasq up to version 2.73rc6, specifically in the parse_dhcp_opt function of the src/option.c component. However, this CVE was later rejected and withdrawn by its CNA (Certificate Numbering Authority) after further investigation showed that it was not a security issue. The reported conditions were determined to represent expected and intentional behavior within dnsmasq's documented design (NVD).

Technical details

The initially reported issue was described as a null pointer dereference vulnerability in the Config File Handler component, specifically affecting the parse_dhcp_opt function. The vulnerability was initially assigned various CVSS scores, but these were later removed when the issue was determined not to be a security vulnerability (NVD).

Impact

Since the reported issue was determined not to be a security vulnerability, there was no actual security impact. The reported conditions were found to be part of the expected and documented behavior of dnsmasq (NVD).

Mitigation and workarounds

No mitigations or workarounds were necessary as the reported issue was determined not to be a security vulnerability. The behavior in question was confirmed to be part of dnsmasq's intended design (NVD).

Community reactions

The security community engaged in discussions about the validity of this CVE, with Art Manion requesting VulDB to mark the dnsmasq CVE IDs as disputed. Subsequently, VulDB decided to reject the CVE entirely (Openwall).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

Published October 27, 2025

CNA Score N/A

Affected Technologies

dnsmasq
Linux Red Hat

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) N/A

Exploitation Probability (EPSS) N/A

Affected packages and libraries

dnsmasq-utils
dnsmasq

Sources

NVD
Debian Security Tracker
- Debian 11, 12, 13, 14 Severity LOWNo FixAdded at: Oct 28, 2025
Red Hat Errata
- Red Hat 6, 7, 8, 9, 10 Severity LOWNo FixAdded at: Oct 28, 2025
Ubuntu Security Tracker
- Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04, 25.04, 25.10 Severity MEDIUMNo FixAdded at: Nov 02, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related dnsmasq vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2023-49441	HIGH	7.5	dnsmasq	dnsmasq	No	Yes	Jun 06, 2024
CVE-2023-28450	HIGH	7.5	NixOS	dnsmasq-utils-debuginfo	No	Yes	Mar 15, 2023
CVE-2025-12200	N/A	N/A	dnsmasq	dnsmasq-utils	No	No	Oct 27, 2025
CVE-2025-12199	N/A	N/A	dnsmasq	dnsmasq	No	No	Oct 27, 2025
CVE-2025-12198	N/A	N/A	dnsmasq	dnsmasq	No	No	Oct 27, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2025-12200: dnsmasq vulnerability analysis and mitigation