Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-9157

Date: August 19, 2025

A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da. Applying a patch is advised to resolve this issue.

Severity Score

Related Resources (10)

https://github.com/appneta/tcpreplay/commit/73008f261f1cdf7a1087dc8759115242696d35da
https://security-tracker.debian.org/tracker/CVE-2025-9157
https://nvd.nist.gov/vuln/detail/CVE-2025-9157
https://github.com/appneta/tcpreplay/issues/970
https://vuldb.com/?ctiid.320537
https://vuldb.com/?id.320537
https://vuldb.com/?submit.630495
https://drive.google.com/file/d/1_aONM_TOF96JbnYviPyZhVk-7HObtX8H/view?usp=sharing
https://github.com/appneta/tcpreplay/issues/970#issuecomment-3198966053
https://www.mend.io/vulnerability-database/CVE-2025-9157

Severity Score

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Use After Free

CWE-416

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us