CVE-2025-1492
CVSS 3.1: 7.5 HIGH
EPSS: 0.05%
Description
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allow denial of service via packet injection or a crafted capture file.
How to fix CVE-2025-1492
To remediate CVE-2025-1492, upgrade the affected package to a fixed version listed below.
- Debian/wireshark: upgrade to 4.0.17-0+deb12u2 or later
Is CVE-2025-1492 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.0.17-0+deb12u2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |