CVE-2025-9157
published 2025-08-19CVE-2025-9157: A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file…
PriorityP425medium5.3CVSS 3.1
AVLACLPRLUINSUCLILAL
EPSS
0.13%
3.2th percentile
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| appneta | tcpreplay | — | — |
| appneta | tcpreplay | — | — |
| broadcom | tcpreplay | >= 0 < 4.5.2-1 | 4.5.2-1 |
| debian | tcpreplay | < tcpreplay 4.5.2-1 (forky) | tcpreplay 4.5.2-1 (forky) |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv4.01.9LOWCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.04.3MEDIUMAV:L/AC:L/Au:S/C:P/I:P/A:P
osv4.8MEDIUM
vendor_debian4.8LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2025-9157: A vulnerability was determined in appneta tcpreplay up to 4
osv·2025-08-19·CVSS 4.8
CVE-2025-9157 [MEDIUM] CVE-2025-9157: A vulnerability was determined in appneta tcpreplay up to 4
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.
GHSA
GHSA-9v49-c9x8-3hm2: A vulnerability was determined in appneta tcpreplay up to 4
ghsa_unreviewed·2025-08-19
CVE-2025-9157 [MEDIUM] CWE-119 GHSA-9v49-c9x8-3hm2: A vulnerability was determined in appneta tcpreplay up to 4
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.
Debian
CVE-2025-9157: tcpreplay - A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impac...
vendor_debian·2025·CVSS 4.8
CVE-2025-9157 [MEDIUM] CVE-2025-9157: tcpreplay - A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impac...
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 4.5.2-1)
sid: resolved (fixed in 4.5.2-1)
trixie: open
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://drive.google.com/file/d/1_aONM_TOF96JbnYviPyZhVk-7HObtX8H/view?usp=sharinghttps://github.com/appneta/tcpreplay/commit/73008f261f1cdf7a1087dc8759115242696d35dahttps://github.com/appneta/tcpreplay/issues/970https://github.com/appneta/tcpreplay/issues/970#issuecomment-3198966053https://vuldb.com/?ctiid.320537https://vuldb.com/?id.320537https://vuldb.com/?submit.630495
2025-08-19
Published