CVE-2025-9385
BaseFortify
Publication date: 2025-08-24
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| broadcom | tcpreplay | to 4.5.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9385 is a use-after-free vulnerability in the AppNeta tcpreplay tool, specifically in the fix_ipv6_checksums function of the tcprewrite component. The flaw occurs because after the packet buffer is resized using realloc, the function continues to access the original memory pointer which has been freed. This leads to a heap use-after-free error that can cause the program to crash or behave unexpectedly. Exploitation requires local access and a proof-of-concept exploit is publicly available. The issue affects versions up to 4.5.1 and is fixed in version 4.5.2-beta3. [1, 2, 3]
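The stale-pointer-after-`realloc` pattern described above, shown beside a corrected form. This is an added illustration, not tcpreplay's source code: every function name, the 14-byte header offset, and the toy `sum16` checksum are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define L2_LEN 14 /* Ethernet header length (constructed sample layout) */
/* Grow the packet to `want` bytes, zero-filling the tail. realloc may move it. */
static int pad_packet(uint8_t **pkt, size_t *len, size_t want) {
    if (want <= *len) return 0;
    uint8_t *grown = realloc(*pkt, want);
    if (grown == NULL) return -1; /* old block is still valid on failure */
    memset(grown + *len, 0, want - *len);
    *pkt = grown; *len = want;
    return 0;
}

/* Toy byte sum standing in for a real checksum routine (hypothetical). */
static uint16_t sum16(const uint8_t *p, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++) s += p[i];
    return (uint16_t)s;
}

/* BUG (CWE-416): `ip` is derived before the resize and dereferenced after it. */
int fix_checksum_stale(uint8_t **pkt, size_t *len, size_t want, uint16_t *out) {
    uint8_t *ip = *pkt + L2_LEN;
    if (pad_packet(pkt, len, want) != 0) return -1;
    *out = sum16(ip, *len - L2_LEN); /* reads freed memory if the block moved */
    return 0;
}

/* Fixed: carry an offset across the resize, re-derive the pointer afterwards. */
int fix_checksum_safe(uint8_t **pkt, size_t *len, size_t want, uint16_t *out) {
    if (*len < L2_LEN) return -1; /* truncated frame: no L3 header to sum */
    size_t ip_off = L2_LEN;
    if (pad_packet(pkt, len, want) != 0) return -1;
    *out = sum16(*pkt + ip_off, *len - ip_off);
    return 0;
}

/* Constructed input: 14-byte L2 header + 6 bytes of 0x01, padded to 4096. */
int demo_safe(void) {
    size_t len = L2_LEN + 6;
    uint16_t out = 0;
    uint8_t *pkt = malloc(len);
    if (pkt == NULL) return -1;
    memset(pkt, 1, len);
    int rc = fix_checksum_safe(&pkt, &len, 4096, &out);
    free(pkt);
    return rc == 0 ? (int)out : -1;
}
int main(void) { return demo_safe() == 6 ? 0 : 1; }
```

Only the corrected path is executed here; `fix_checksum_stale` is kept for side-by-side reading and is the shape of defect AddressSanitizer reports as heap-use-after-free.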
How can this vulnerability impact me?
This vulnerability can impact you by causing crashes or unexpected behavior in the tcpreplay tool due to use of freed memory. It affects the confidentiality, integrity, and availability of the affected system because arbitrary code execution or denial of service could potentially be triggered. However, exploitation requires local access, limiting remote attack possibilities. The vulnerability has a moderate severity score (CVSSv3 5.3). [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reproducing the heap use-after-free condition using the provided proof-of-concept (POC) file named POC_tcprewrite_ipv6_checksums_use_after_free_155. To detect it, compile tcprewrite with AddressSanitizer enabled and run the following command to trigger the vulnerability and observe a crash:

```
tcprewrite --fixlen pad -i POC_tcprewrite_ipv6_checksums_use_after_free_155 -o /dev/null
```

This command processes the malformed IPv6 packets in the POC file, causing the heap use-after-free error to manifest, which can be detected by AddressSanitizer logs and program termination. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the tcpreplay package to version 4.5.2-beta3 or later, which contains the fix for this vulnerability. Upgrading eliminates the use-after-free flaw in the fix_ipv6_checksums function and prevents exploitation. Additionally, restricting local access to trusted users can reduce risk until the upgrade is applied. [1]