High severity7.5NVD Advisory· Published Dec 9, 2025· Updated Apr 15, 2026
CVE-2025-40820
CVE-2025-40820
Description
Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if an attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.