Denial of Service Vulnerability in Wireshark by The Wireshark Foundation
CVE-2025-5601

7.8 HIGH

Key Information:

Vendor: Wireshark

Status
Vendor
CVE Published: 4 June 2025

What is CVE-2025-5601?

Wireshark versions 4.4.0 through 4.4.6 and 4.2.0 through 4.2.12 are susceptible to a denial of service vulnerability caused by improper handling of columns. An attacker can exploit it through packet injection or by embedding malicious code within specially crafted capture files, causing the application to crash and interrupting service. Users of affected versions should apply the recommended patches to mitigate the risk.

Affected Version(s)

Wireshark 4.4.0 and later, before 4.4.7

Wireshark 4.2.0 and later, before 4.2.13

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
