CVE-2025-9649

EUVD-2025-26193

29.08.2025, 14:15

A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3."

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
VulDB	CNA	3.3 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Affected Products (NVD)

Vendor	Product	Version
broadcom	tcpreplay	4.5.1

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
appneta	tcpreplay	4.5.1	CNA

Debian Releases

Debian Product

Codename

tcpreplay

bookworm	unimportant
bullseye	unimportant
forky	4.5.2-1 fixed
sid	4.5.2-1 fixed
trixie	unimportant

Known Exploits!

Common Weakness Enumeration

CWE-369 - Divide By Zero
The product divides a value by zero.

References

https://drive.google.com/file/d/16QQtZvUrMbF-i_1cGt5hNWmkn-YVyBOM/view?usp=sharing

https://github.com/appneta/tcpreplay/issues/968

https://github.com/appneta/tcpreplay/issues/968#issuecomment-3226338070

https://vuldb.com/?ctiid.321855

https://vuldb.com/?id.321855

https://vuldb.com/?submit.630493

https://vuldb.com/?submit.630494