PT-2025-7516 · Wireshark+4
Oss-Fuzz · Published 2025-02-19 · Updated 2026-04-02 · CVE-2025-1492
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Wireshark versions 4.2.0 through 4.2.10
Wireshark versions 4.4.0 through 4.4.3
Description
The issue allows denial of service via packet injection or crafted capture file, specifically affecting the Bundle Protocol and CBOR dissector in Wireshark. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Recommendations
For Wireshark versions 4.2.0 through 4.2.10, update to a version outside of this range to resolve the issue.
For Wireshark versions 4.4.0 through 4.4.3, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider avoiding the use of the Bundle Protocol and CBOR dissector until a patch is available.
Exploit
Fix
DoS
Uncontrolled Recursion
RCE
Related Identifiers
Affected Products
Alt Linux
Debian
Red Os
Suse
Wireshark