CVE-2025-9019

low-risk

Published 2025-08-15

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2."

Do I need to act?

0.34% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.1/10 Low

NETWORK / HIGH complexity

Affected Products (1)

Tcpreplay

Affected Vendors

Broadcom

References (14)

Exploit https://drive.google.com/file/d/13SQYVIb_YQoRfaJaaLf6iLtMiCRCHlBc/view?usp=shari...

Exploit https://github.com/appneta/tcpreplay/issues/958

Exploit https://github.com/appneta/tcpreplay/issues/958#issuecomment-3124876035

Exploit https://github.com/appneta/tcpreplay/issues/959

Permissions Required https://vuldb.com/?ctiid.320080

Third Party Advisory https://vuldb.com/?id.320080

Exploit https://vuldb.com/?submit.623635

Exploit https://vuldb.com/?submit.623636

Exploit https://vuldb.com/?submit.623637

Exploit https://vuldb.com/?submit.623638

Exploit https://vuldb.com/?submit.623639

Exploit https://github.com/appneta/tcpreplay/issues/958

Exploit https://github.com/appneta/tcpreplay/issues/959

Exploit https://vuldb.com/?submit.623639

/ 100

low-risk

Severity 11/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal