Denial of Service Vulnerability in Wireshark by The Wireshark Project
CVE-2025-13945

5.5MEDIUM

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 3 December 2025

What is CVE-2025-13945?

A vulnerability exists in the HTTP3 dissector of Wireshark versions 4.6.0 and 4.6.1 that can lead to a crash, potentially enabling denial of service conditions. By exploiting this issue, malicious individuals may disrupt network traffic analysis and hinder the functionality of Wireshark, which is critical for effective protocol analysis and network troubleshooting. Users are advised to be aware of this vulnerability and consider updating to a patched version to maintain operational integrity.

Affected Version(s)

Wireshark 4.6.0 < 4.6.1

References

https://www.wireshark.org/security/wnpa-sec-2025-07.html

https://gitlab.com/wireshark/wireshark/-/issues/20860

issue-trackingpermissions-required

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2025
Vulnerability Reserved
Dec 3, 2025

Credit

Sébastien Féry

JSON