CVE-2025-9157 (GCVE-0-2025-9157)
Vulnerability from cvelistv5
Published
2025-08-19 20:02
Modified
2025-08-19 20:32
Severity ?
1.9 (Low) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
CWE
Summary
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.
References
Impacted products
Vendor Product Version
appneta tcpreplay Version: 4.5.2-beta1
Version: 4.5.2-beta2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9157",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-19T20:32:34.213995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-19T20:32:45.294Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "tcprewrite"
          ],
          "product": "tcpreplay",
          "vendor": "appneta",
          "versions": [
            {
              "status": "affected",
              "version": "4.5.2-beta1"
            },
            {
              "status": "affected",
              "version": "4.5.2-beta2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "HeureuxBuilding (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in appneta tcpreplay bis 4.5.2-beta2 entdeckt. Es geht hierbei um die Funktion untrunc_packet der Datei src/tcpedit/edit_packet.c der Komponente tcprewrite. Durch das Manipulieren mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden. Der Patch tr\u00e4gt den Namen 73008f261f1cdf7a1087dc8759115242696d35da. Es wird geraten, einen Patch zu installieren, um dieses Problem zu l\u00f6sen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T20:02:08.552Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-320537 | appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.320537"
        },
        {
          "name": "VDB-320537 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.320537"
        },
        {
          "name": "Submit #630495 | tcpreplay tcprewrite  tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Use-After-Free",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.630495"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/appneta/tcpreplay/issues/970"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/appneta/tcpreplay/issues/970#issuecomment-3198966053"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://drive.google.com/file/d/1_aONM_TOF96JbnYviPyZhVk-7HObtX8H/view?usp=sharing"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/appneta/tcpreplay/commit/73008f261f1cdf7a1087dc8759115242696d35da"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-19T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-19T11:31:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9157",
    "datePublished": "2025-08-19T20:02:08.552Z",
    "dateReserved": "2025-08-19T09:26:39.372Z",
    "dateUpdated": "2025-08-19T20:32:45.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-9157\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-08-19T20:15:37.310\",\"lastModified\":\"2025-08-20T14:40:17.713\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una vulnerabilidad en appneta tcpreplay hasta la versi\u00f3n 4.5.2-beta2. El elemento afectado es la funci\u00f3n untrunc_packet del archivo src/tcpedit/edit_packet.c del componente tcprewrite. La manipulaci\u00f3n puede provocar un use after free. Es posible lanzar el ataque contra el host local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado . Este parche se llama 73008f261f1cdf7a1087dc8759115242696d35da. Se recomienda aplicar un parche para resolver este problema.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":4.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"references\":[{\"url\":\"https://drive.google.com/file/d/1_aONM_TOF96JbnYviPyZhVk-7HObtX8H/view?usp=sharing\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/appneta/tcpreplay/commit/73008f261f1cdf7a1087dc8759115242696d35da\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/appneta/tcpreplay/issues/970\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/appneta/tcpreplay/issues/970#issuecomment-3198966053\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.320537\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.320537\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.630495\",\"source\":\"cna@vuldb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9157\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-19T20:32:34.213995Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-19T20:32:39.621Z\"}}], \"cna\": {\"title\": \"appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"HeureuxBuilding (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4.3, \"vectorString\": \"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C\"}}], \"affected\": [{\"vendor\": \"appneta\", \"modules\": [\"tcprewrite\"], \"product\": \"tcpreplay\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.5.2-beta1\"}, {\"status\": \"affected\", \"version\": \"4.5.2-beta2\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-19T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-08-19T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-08-19T11:31:47.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.320537\", \"name\": \"VDB-320537 | appneta tcpreplay tcprewrite edit_packet.c untrunc_packet use after free\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.320537\", \"name\": \"VDB-320537 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.630495\", \"name\": \"Submit #630495 | tcpreplay tcprewrite  tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Use-After-Free\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/appneta/tcpreplay/issues/970\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/appneta/tcpreplay/issues/970#issuecomment-3198966053\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://drive.google.com/file/d/1_aONM_TOF96JbnYviPyZhVk-7HObtX8H/view?usp=sharing\", \"tags\": [\"exploit\"]}, {\"url\": \"https://github.com/appneta/tcpreplay/commit/73008f261f1cdf7a1087dc8759115242696d35da\", \"tags\": [\"patch\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.\"}, {\"lang\": \"de\", \"value\": \"Es wurde eine Schwachstelle in appneta tcpreplay bis 4.5.2-beta2 entdeckt. Es geht hierbei um die Funktion untrunc_packet der Datei src/tcpedit/edit_packet.c der Komponente tcprewrite. Durch das Manipulieren mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Die Schwachstelle wurde \\u00f6ffentlich offengelegt und k\\u00f6nnte ausgenutzt werden. Der Patch tr\\u00e4gt den Namen 73008f261f1cdf7a1087dc8759115242696d35da. Es wird geraten, einen Patch zu installieren, um dieses Problem zu l\\u00f6sen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"Use After Free\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"Memory Corruption\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-08-19T20:02:08.552Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-9157\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-19T20:32:45.294Z\", \"dateReserved\": \"2025-08-19T09:26:39.372Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-08-19T20:02:08.552Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.