CVE-2025-1492
Published: 20 February 2025
Summary
CVE-2025-1492 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability in Wireshark. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The vulnerability is ranked at the 15.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): timely identification, reporting, and remediation of flaws in Wireshark directly prevents denial-of-service crashes from crafted Bundle Protocol or CBOR packets and capture files.
- SI-5 (Security Alerts, Advisories, and Directives): receiving, disseminating, and acting on Wireshark security advisories such as WNPA-SEC-2025-01 ensures prompt patching of CVE-2025-1492.
- Policies enforcing approval, scanning, and monitoring of user-installed software, including vulnerable Wireshark versions, mitigate the risk from unpatched installations.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The flaw in the Wireshark dissectors can be triggered either by a user opening a crafted capture file (T1204.002) or by packets injected into a live capture, causing an application crash and denial of service (T1499.004).
NVD Description
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allow denial of service via packet injection or crafted capture file.
Deeper analysis
CVE-2025-1492 affects the Bundle Protocol and CBOR dissectors in Wireshark versions 4.4.0 through 4.4.3 and 4.2.0 through 4.2.10. Crafted input causes these dissectors to crash through uncontrolled recursion (CWE-674), enabling denial of service via packet injection or a crafted capture file. The CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Exploitation requires local access with low attack complexity and no privileges, but user interaction is necessary, such as convincing a user to open a malicious capture file or to run a live capture while injected packets are on the wire. A successful attack crashes Wireshark, producing a denial of service; the CVSS vector scores the impact on confidentiality, integrity, and availability as high.
Wireshark's security advisory (WNPA-SEC-2025-01) and the related issue tracker provide details on mitigation: https://www.wireshark.org/security/wnpa-sec-2025-01.html and https://gitlab.com/wireshark/wireshark/-/issues/20373. The vulnerability was published on 2025-02-20.
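The remediation controls above (SI-2, SI-5) reduce to one concrete check: is the installed Wireshark build inside the affected ranges? The following is an added example, not code from Wireshark or from this advisory; it parses a `tshark --version` banner and compares the version against the two inclusive ranges the NVD description gives. The banners embedded below are constructed for offline use.

```python
"""Check whether a Wireshark build falls inside the version ranges affected by
CVE-2025-1492 (4.4.0-4.4.3 and 4.2.0-4.2.10, per the NVD description)."""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges, taken from the NVD description of CVE-2025-1492.
AFFECTED_RANGES = (
    ((4, 4, 0), (4, 4, 3)),
    ((4, 2, 0), (4, 2, 10)),
)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner: str) -> Optional[Version]:
    """Extract the first X.Y.Z version from a 'tshark --version' style banner."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())  # type: ignore[return-value]


def is_affected(version: Version) -> bool:
    """True when the version lies inside one of the inclusive affected ranges.
    Tuple comparison is numeric per component, so 4.2.10 > 4.2.9 as expected."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def installed_version(cmd: str = "tshark") -> Optional[Version]:
    """Run '<cmd> --version' and parse the banner; None if the tool is absent."""
    try:
        proc = subprocess.run([cmd, "--version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return parse_version(proc.stdout)


# Constructed banners (not real captured output) with the expected verdicts.
SAMPLE_BANNERS = {
    "TShark (Wireshark) 4.4.3 (v4.4.3-0-gconstructed)": True,
    "TShark (Wireshark) 4.2.10 (v4.2.10-0-gconstructed)": True,
    "TShark (Wireshark) 4.2.11 (v4.2.11-0-gconstructed)": False,
    "TShark (Wireshark) 4.4.4 (v4.4.4-0-gconstructed)": False,
    "TShark (Wireshark) 3.6.20 (v3.6.20-0-gconstructed)": False,
}

if __name__ == "__main__":
    for banner, expected in SAMPLE_BANNERS.items():
        v = parse_version(banner)
        print(f"{'.'.join(map(str, v))}: affected={is_affected(v)} (expected {expected})")
    live = installed_version()
    if live:
        print(f"installed tshark {'.'.join(map(str, live))}: affected={is_affected(live)}")
```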
Details
- CWE(s)