Vulnerability Description
A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Tcpreplay | <= 4.5.1 |
Related Weaknesses (CWE)
References
- https://drive.google.com/file/d/1DcQWaTmj1HSbRidOCWwe9vtgHsBnFuX7/view?usp=shariExploit
- https://github.com/appneta/tcpreplay/issues/973ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.321219Permissions RequiredVDB Entry
- https://vuldb.com/?id.321219Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.630498Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-9386?
CVE-2025-9386 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use a...
How severe is CVE-2025-9386?
CVE-2025-9386 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9386?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Tcpreplay.