CVE-2025-9385
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-24

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used. Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-24
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-24
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9385
EUVD
EUVD-2025-25643
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
broadcom tcpreplay to 4.5.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9385 is a use-after-free vulnerability in the AppNeta tcpreplay tool, specifically in the fix_ipv6_checksums function of the tcprewrite component. The flaw occurs because after the packet buffer is resized using realloc, the function continues to access the original memory pointer which has been freed. This leads to a heap use-after-free error that can cause the program to crash or behave unexpectedly. Exploitation requires local access and a proof-of-concept exploit is publicly available. The issue affects versions up to 4.5.1 and is fixed in version 4.5.2-beta3. [1, 2, 3]

Impact Analysis

This vulnerability can impact you by causing crashes or unexpected behavior in the tcpreplay tool due to use of freed memory. It affects the confidentiality, integrity, and availability of the affected system because arbitrary code execution or denial of service could potentially be triggered. However, exploitation requires local access, limiting remote attack possibilities. The vulnerability has a moderate severity score (CVSSv3 5.3). [1]

Detection Guidance

This vulnerability can be detected by reproducing the heap use-after-free condition using the provided proof-of-concept (POC) file named POC_tcprewrite_ipv6_checksums_use_after_free_155. To detect it, compile tcprewrite with AddressSanitizer enabled and run the following command to trigger the vulnerability and observe a crash: ``` tcprewrite --fixlen pad -i POC_tcprewrite_ipv6_checksums_use_after_free_155 -o /dev/null ``` This command processes the malformed IPv6 packets in the POC file, causing the heap use-after-free error to manifest, which can be detected by AddressSanitizer logs and program termination. [2, 3]

Mitigation Strategies

The immediate mitigation step is to upgrade the tcpreplay package to version 4.5.2-beta3 or later, which contains the fix for this vulnerability. Upgrading eliminates the use-after-free flaw in the fix_ipv6_checksums function and prevents exploitation. Additionally, restricting local access to trusted users can reduce risk until the upgrade is applied. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9385. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart