Denial of Service Vulnerability in Wireshark by The Wireshark Foundation
CVE-2025-5601

7.8HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 4 June 2025

🔔 Create Wireshark Vulnerability Alert

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-5601?

Wireshark versions 4.4.0 through 4.4.6 and 4.2.0 through 4.2.12 are susceptible to a denial of service vulnerability caused by improper handling of columns. An attacker can exploit this vulnerability through packet injection or by embedding malicious code within specially crafted capture files, leading to potential application crashes and interruption of service. It is crucial for users of affected versions to be aware of this issue and to apply recommended patches to mitigate risks.

Affected Version(s)

Wireshark 4.4.0 < 4.4.7

Wireshark 4.2.0 < 4.2.13

News Articles

Wireshark Vulnerability Allows Attackers to Launch DoS Attacks

This flaw, identified as "Dissection engine crash", stems from a bug in the column utility module used by Wireshark's dissectors.

thmubnail image

References

https://www.wireshark.org/security/wnpa-sec-2025-02.html

https://gitlab.com/wireshark/wireshark/-/issues/20509

issue-trackingpermissions-required

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 5, 2025
📰
First article discovered by GBHackers News
Jun 5, 2025
Vulnerability published
Jun 4, 2025
Vulnerability Reserved
Jun 4, 2025

.