Medium severity5.3NVD Advisory· Published Aug 24, 2025· Updated Apr 29, 2026

CVE-2025-9385

Description

A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used. Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component.

Affected products

Broadcom Corporation/Tcpreplay
cpe:2.3:a:broadcom:tcpreplay:*:*:*:*:*:*:*:*
Range: <=4.5.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.google.com/file/d/1BQZF558bRHv07wtlCoZgtqTlEpHgfytp/viewnvdExploit
github.com/appneta/tcpreplay/issues/972nvdExploitIssue TrackingVendor Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
github.com/appneta/tcpreplay/issues/972nvdIssue Tracking
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000