CVE-2025-9649

Public Exploit
appneta tcpreplay send_packets.c calc_sleep_time divide by zero

Description

A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3."

Category

4.8
CVSS
Severity: Medium
CVSS 4.0 •
CVSS 3.1 •
CVSS 2.0 •
Third-Party Advisory vuldb.com Third-Party Advisory vuldb.com
Affected: appneta tcpreplay
Published at:
Updated at:

References

Link Tags
https://vuldb.com/?id.321855 technical description vdb entry
https://vuldb.com/?ctiid.321855 signature permissions required
https://vuldb.com/?submit.630493 third party advisory
https://vuldb.com/?submit.630494 third party advisory
https://github.com/appneta/tcpreplay/issues/968 issue tracking
https://github.com/appneta/tcpreplay/issues/968#issuecomment-3226338070 issue tracking
https://drive.google.com/file/d/16QQtZvUrMbF-i_1cGt5hNWmkn-YVyBOM/view?usp=sharing exploit

Frequently Asked Questions

What is the severity of CVE-2025-9649?
CVE-2025-9649 has been scored as a medium severity vulnerability.
How to fix CVE-2025-9649?
To fix CVE-2025-9649, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-9649 being actively exploited in the wild?
It is possible that CVE-2025-9649 is being exploited or will be exploited in a near future based on public information.
What software or system is affected by CVE-2025-9649?
CVE-2025-9649 affects appneta tcpreplay.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.