Cyber Resilience

CVE-2025-1492

High

Published: 20 February 2025

Modified: 10 April 2025
KEV Added:
Patch:
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (16.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1492 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability in Wireshark. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 16.0th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-5 (Security Alerts, Advisories, and Directives).

Deeper analysis

CVE-2025-1492 affects the Bundle Protocol and CBOR dissectors in Wireshark versions 4.4.0 through 4.4.3 and 4.2.0 through 4.2.10. The vulnerability causes crashes in these dissectors, enabling denial of service via packet injection or a crafted capture file. It is associated with CWE-674 and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Exploitation requires local access with low attack complexity and no privileges, but user interaction is necessary, such as convincing a user to open a malicious capture file or perform a live capture with injected packets. A successful attack crashes Wireshark, causing denial of service; the CVSS vector scores the impact on confidentiality, integrity, and availability as High.

Wireshark's security advisory (WNPA-SEC-2025-01) and the related issue tracker provide details on mitigation: https://www.wireshark.org/security/wnpa-sec-2025-01.html and https://gitlab.com/wireshark/wireshark/-/issues/20373. The vulnerability was published on 2025-02-20.

Vulnerability details

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allow denial of service via packet injection or crafted capture file

CWE(s)

CWE-674 (Uncontrolled Recursion)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The vulnerability in the Wireshark dissectors directly enables DoS via a crafted capture file (T1204.002) or via packet injection leading to an application crash (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3203 (same product: Wireshark)
CVE-2026-5657 (same product: Wireshark)
CVE-2026-5655 (same product: Wireshark)
CVE-2026-6519 (same product: Wireshark)
CVE-2026-5653 (same product: Wireshark)
CVE-2026-7375 (same product: Wireshark)
CVE-2026-5654 (same product: Wireshark)
CVE-2026-6520 (same product: Wireshark)
CVE-2026-3201 (same product: Wireshark)
CVE-2026-6868 (same product: Wireshark)

Affected Assets

Vendor: wireshark
Product: wireshark
Affected versions: 4.2.0 to 4.2.10 · 4.4.0 to 4.4.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely identification, reporting, and remediation of flaws in Wireshark directly prevents denial-of-service crashes from crafted Bundle Protocol or CBOR packets and capture files.

prevent

Receiving, disseminating, and implementing Wireshark security alerts and advisories like WNPA-SEC-2025-01 ensures prompt patching of CVE-2025-1492.

prevent

Policies enforcing approval, scanning, and monitoring of user-installed software like vulnerable Wireshark versions mitigate risks from unpatched installations.
