CVE-2025-48964 (GCVE-0-2025-48964)

Vulnerability from cvelistv5 – Published: 2025-07-22 00:00 – Updated: 2025-08-26 18:49
VLAI
Summary
ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).
Severity
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
Vendor Product Version
iputils iputils Affected: 0 , < 20250602 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48964",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-22T18:00:42.570227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T18:49:09.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "iputils",
          "vendor": "iputils",
          "versions": [
            {
              "lessThan": "20250602",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:iputils:iputils:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "20250602",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-23T15:08:46.945Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/iputils/iputils/issues"
        },
        {
          "url": "https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1243772"
        },
        {
          "url": "https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c"
        },
        {
          "url": "https://github.com/iputils/iputils/releases/tag/20250602"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-48964",
    "datePublished": "2025-07-22T00:00:00.000Z",
    "dateReserved": "2025-05-29T00:00:00.000Z",
    "dateUpdated": "2025-08-26T18:49:09.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-48964",
      "date": "2026-06-13",
      "epss": "0.00507",
      "percentile": "0.66834"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-48964\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-07-22T18:15:36.020\",\"lastModified\":\"2025-08-26T19:15:41.143\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).\"},{\"lang\":\"es\",\"value\":\"El ping en iputils hasta la versi\u00f3n 20240905 permite una denegaci\u00f3n de servicio (error de aplicaci\u00f3n en modo ping adaptativo o recopilaci\u00f3n incorrecta de datos) mediante un paquete de respuesta de eco ICMP manipulado, ya que una marca de tiempo cero puede generar valores intermedios grandes que presentan un desbordamiento de enteros al elevarlos al cuadrado durante los c\u00e1lculos estad\u00edsticos. NOTA: Este problema existe debido a una correcci\u00f3n incompleta para CVE-2025-47268 (dicha correcci\u00f3n solo afectaba a los c\u00e1lculos de marca de tiempo y no contemplaba un escenario espec\u00edfico donde la marca de tiempo original en la payload ICMP es cero).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"references\":[{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1243772\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/iputils/iputils/issues\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/iputils/iputils/releases/tag/20250602\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9\",\"source\":\"cve@mitre.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48964\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-22T18:00:42.570227Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-22T18:01:23.082Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\"}}], \"affected\": [{\"vendor\": \"iputils\", \"product\": \"iputils\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"20250602\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/iputils/iputils/issues\"}, {\"url\": \"https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9\"}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1243772\"}, {\"url\": \"https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c\"}, {\"url\": \"https://github.com/iputils/iputils/releases/tag/20250602\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:iputils:iputils:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"20250602\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-07-23T15:08:46.945Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-48964\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-26T18:49:09.084Z\", \"dateReserved\": \"2025-05-29T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-07-22T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.