Cyber Posture

CVE-2025-1492

High

Published: 20 February 2025
Modified: 10 April 2025
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (15.4th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allow denial of service via packet injection or a crafted capture file.

Security Summary

CVE-2025-1492 affects the Bundle Protocol and CBOR dissectors in Wireshark versions 4.4.0 through 4.4.3 and 4.2.0 through 4.2.10. The vulnerability causes crashes in these dissectors, enabling denial of service via packet injection or a crafted capture file. It is associated with CWE-674 and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Exploitation requires local access, has low attack complexity and needs no privileges, but user interaction is necessary: for example, a user must open a malicious capture file or run a live capture on a link where injected packets are present. A successful attack crashes Wireshark, causing denial of service; the CVSS vector nonetheless scores confidentiality, integrity, and availability impact as high.

Wireshark's security advisory (WNPA-SEC-2025-01) and the related issue tracker provide details on mitigation: https://www.wireshark.org/security/wnpa-sec-2025-01.html and https://gitlab.com/wireshark/wireshark/-/issues/20373. The vulnerability was published on 2025-02-20.

Details

CWE(s): CWE-674 (Uncontrolled Recursion)

Affected Products

Vendor: wireshark
Product: wireshark
Affected versions: 4.2.0 — 4.2.10 · 4.4.0 — 4.4.3

References