CVE-2025-9386

EUVD-2025-25642
A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
broadcomtcpreplay
𝑥
≤ 4.5.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
appnetatcpreplay
4.5.0
CNA
appnetatcpreplay
4.5.1
CNA
Debian logo
Debian Releases
Debian Product
Codename
tcpreplay
bookworm
unimportant
bullseye
unimportant
forky
4.5.2-1
fixed
sid
4.5.2-1
fixed
trixie
unimportant
Common Weakness Enumeration
References
https://drive.google.com/file/d/1DcQWaTmj1HSbRidOCWwe9vtgHsBnFuX7/view?usp=sharing
https://github.com/appneta/tcpreplay/issues/973
https://vuldb.com/?ctiid.321219
https://vuldb.com/?id.321219
https://vuldb.com/?submit.630498