{"api_version":"1","generated_at":"2026-05-13T01:06:39+00:00","cve":"CVE-2025-9386","urls":{"html":"https://cve.report/CVE-2025-9386","api":"https://cve.report/api/cve/CVE-2025-9386.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-9386","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-9386"},"summary":{"title":"appneta tcpreplay tcprewrite get.c get_l2len_protocol use after free","description":"A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.","state":"PUBLISHED","assigner":"VulDB","published_at":"2025-08-24 11:15:34","updated_at":"2026-04-29 01:00:01"},"problem_types":["CWE-119","CWE-416","CWE-416 Use After Free","CWE-119 Memory Corruption"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"1.9","severity":"LOW","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"4.8","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","data":{"baseScore":4.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"4.3","severity":"","vector":"AV:L/AC:L/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"4.3","severity":"","vector":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","data":{"baseScore":4.3,"vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","version":"2.0"}}],"references":[{"url":"https://github.com/appneta/tcpreplay/issues/973","name":"https://github.com/appneta/tcpreplay/issues/973","refsource":"cna@vuldb.com","tags":["Exploit","Issue Tracking","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?submit.630498","name":"https://vuldb.com/?submit.630498","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?id.321219","name":"https://vuldb.com/?id.321219","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?ctiid.321219","name":"https://vuldb.com/?ctiid.321219","refsource":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://drive.google.com/file/d/1DcQWaTmj1HSbRidOCWwe9vtgHsBnFuX7/view?usp=sharing","name":"https://drive.google.com/file/d/1DcQWaTmj1HSbRidOCWwe9vtgHsBnFuX7/view?usp=sharing","refsource":"cna@vuldb.com","tags":["Exploit"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-9386","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9386","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"appneta","product":"tcpreplay","version":"affected 4.5.0","platforms":[]},{"source":"CNA","vendor":"appneta","product":"tcpreplay","version":"affected 4.5.1","platforms":[]},{"source":"CNA","vendor":"appneta","product":"tcpreplay","version":"unaffected 4.5.2-beta3","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-08-23T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2025-08-23T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2025-08-23T17:14:46.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"HeureuxBuilding (VulDB User)","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"9386","vulnerable":"1","versionEndIncluding":"4.5.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"tcpreplay","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-9386","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-08-25T20:26:18.668059Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-08-25T20:26:30.907Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"modules":["tcprewrite"],"product":"tcpreplay","vendor":"appneta","versions":[{"status":"affected","version":"4.5.0"},{"status":"affected","version":"4.5.1"},{"status":"unaffected","version":"4.5.2-beta3"}]}],"credits":[{"lang":"en","type":"reporter","value":"HeureuxBuilding (VulDB User)"}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component."},{"lang":"de","value":"In appneta tcpreplay bis 4.5.1 ist eine Schwachstelle entdeckt worden. Betroffen hiervon ist die Funktion get_l2len_protocol der Datei get.c der Komponente tcprewrite. Durch die Manipulation mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Ausnutzung wurde veröffentlicht und kann verwendet werden. Durch ein Upgrade auf Version 4.5.2-beta3 kann dieses Problem behoben werden. Die Aktualisierung der betroffenen Komponente wird empfohlen."}],"metrics":[{"cvssV4_0":{"baseScore":4.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.1"}},{"cvssV3_0":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C","version":"3.0"}},{"cvssV2_0":{"baseScore":4.3,"vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"Use After Free","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-119","description":"Memory Corruption","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-08-24T11:02:07.459Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-321219 | appneta tcpreplay tcprewrite get.c get_l2len_protocol use after free","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/?id.321219"},{"name":"VDB-321219 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/?ctiid.321219"},{"name":"Submit #630498 | tcpreplay tcprewrite  tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Use-After-Free","tags":["third-party-advisory"],"url":"https://vuldb.com/?submit.630498"},{"tags":["issue-tracking"],"url":"https://github.com/appneta/tcpreplay/issues/973"},{"tags":["exploit"],"url":"https://drive.google.com/file/d/1DcQWaTmj1HSbRidOCWwe9vtgHsBnFuX7/view?usp=sharing"}],"timeline":[{"lang":"en","time":"2025-08-23T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2025-08-23T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2025-08-23T17:14:46.000Z","value":"VulDB entry last update"}],"title":"appneta tcpreplay tcprewrite get.c get_l2len_protocol use after free"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2025-9386","datePublished":"2025-08-24T11:02:07.459Z","dateReserved":"2025-08-23T15:09:37.515Z","dateUpdated":"2025-08-25T20:26:30.907Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2025-08-24 11:15:34","lastModifiedDate":"2026-04-29 01:00:01","problem_types":["CWE-119","CWE-416","CWE-416 Use After Free","CWE-119 Memory Corruption"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:tcpreplay:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.1","matchCriteriaId":"E5F64212-2DE0-425B-899A-19DD9AAEEC94"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"9386","Ordinal":"1","Title":"appneta tcpreplay tcprewrite get.c get_l2len_protocol use after ","CVE":"CVE-2025-9386","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"9386","Ordinal":"1","NoteData":"A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.","Type":"Description","Title":"appneta tcpreplay tcprewrite get.c get_l2len_protocol use after "}]}}}