CVE-2025-9649
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-29

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-29
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9649
EUVD
EUVD-2025-26193
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
broadcom tcpreplay 4.5.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-369 The product divides a value by zero.
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9649 is a divide-by-zero vulnerability in the tcpreplay utility (version 4.5.1 and certain later commits). It occurs in the function calc_sleep_time within the send_packets.c source file. The vulnerability arises because the program does not properly validate input parameters related to bandwidth rate or packets per second (PPS), allowing extremely small or malformed values to be used as divisors. This causes a division by zero, triggering a floating-point exception (SIGFPE) and causing the program to crash immediately. Exploitation requires local access and can be triggered by replaying specially crafted packet data with malicious parameters. The issue has been confirmed and fixed in version 4.5.3-beta3 and later. [1, 2, 3, 4]

Impact Analysis

This vulnerability can impact you by causing the tcpreplay program to crash due to a division by zero error. This results in a denial of service (DoS) condition where the software becomes unavailable or stops functioning unexpectedly. Since exploitation requires local access and specially crafted input, an attacker with local privileges can trigger this crash, potentially disrupting network testing or replay operations that rely on tcpreplay. [1, 2, 3, 4]

Detection Guidance

This vulnerability can be detected by attempting to reproduce the division by zero crash locally on the affected system using the provided proof-of-concept (PoC) files and specific command-line parameters that trigger the flaw. For example, compile tcpreplay with AddressSanitizer enabled and run commands such as: - For MBPS parameter exploitation: tcpreplay -M 0.000001 -i lo POC_tcpreplay_calc_sleep_time_mbps_division_by_zero_1091 - For PPS parameter exploitation: tcpreplay -p -0.000001 -i lo POC_tcpreplay_calc_sleep_time_pps_division_by_zero_1125 These commands use specially crafted packet capture files and extremely small bandwidth or packet rate parameters to trigger the floating-point exception (division by zero) and cause the program to crash, confirming the presence of the vulnerability. [2, 4]

Mitigation Strategies

The immediate mitigation step is to upgrade the affected tcpreplay software to version 4.5.3-beta3 or later, as this version has been confirmed by the vendor to not contain the vulnerability. Avoid running vulnerable versions locally, especially with untrusted input parameters that could trigger the divide-by-zero condition. If upgrading is not immediately possible, restrict local access to the system to prevent exploitation, since the attack requires local access. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9649. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart