Low severity3.3NVD Advisory· Published Aug 24, 2025· Updated Apr 29, 2026

CVE-2025-9384

Description

A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 4.5.2-beta2 is recommended to address this issue. Upgrading the affected component is advised. The vendor explains, that he was "[a]ble to reproduce in 6fcbf03 but not in 4.5.2-beta2".

Affected products

Broadcom Corporation/Tcpreplay
cpe:2.3:a:broadcom:tcpreplay:*:*:*:*:*:*:*:*
Range: <=4.5.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.google.com/file/d/1oVmsER6CXULLz_rnIyL410DJqO_hBtw_/viewnvdExploit
github.com/appneta/tcpreplay/issues/971nvdExploitIssue TrackingVendor Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
github.com/appneta/tcpreplay/issues/971nvdIssue Tracking
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000