Medium severity5.3NVD Advisory· Published Aug 24, 2025· Updated Apr 29, 2026

CVE-2025-9386

Description

A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.

Affected products

Broadcom Corporation/Tcpreplay
cpe:2.3:a:broadcom:tcpreplay:*:*:*:*:*:*:*:*
Range: <=4.5.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.google.com/file/d/1DcQWaTmj1HSbRidOCWwe9vtgHsBnFuX7/viewnvdExploit
github.com/appneta/tcpreplay/issues/973nvdExploitIssue TrackingVendor Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000