
CVE-2025-48964: n/a

Medium
Published: Tue Jul 22 2025 (07/22/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

ping in iputils through 20240905 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).

AI-Powered Analysis

Last updated: 07/22/2025, 18:01:12 UTC

Technical Analysis

CVE-2025-48964 is a denial of service (DoS) vulnerability in the 'ping' utility of the iputils package, affecting versions through 20240905. It arises from improper handling of ICMP Echo Reply packets in adaptive ping mode. When the timestamp field in the ICMP payload is zero, the statistics calculations produce large intermediate values that exceed the integer limits when squared. The root cause is an incomplete fix for a previous vulnerability (CVE-2025-47268), which addressed timestamp calculations but failed to consider the zero timestamp scenario.

Exploiting this vulnerability requires sending a crafted ICMP Echo Reply packet to the target system running the vulnerable ping utility. The consequence is an application error causing the ping process to crash or become unresponsive, resulting in denial of service. There are no known public exploits currently in the wild, and no CVSS score has been assigned yet. The vulnerability affects systems that use the vulnerable iputils ping implementation, which is common in many Linux distributions and network diagnostic tools. Since the issue is triggered by network packets, exploitation can be attempted remotely without authentication or user interaction, assuming the target system processes ICMP Echo Replies and runs the vulnerable ping utility in adaptive mode.
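The arithmetic behind the zero-timestamp case, as an added example that is not iputils source code: a round-trip time computed against a zero payload timestamp is roughly the current epoch time in microseconds, and its square does not fit in a signed 64-bit integer. All names, the 60-second sanity bound, the 64-bit microsecond accumulators and the sample times are assumptions made for illustration; the overflow checks use GCC/Clang builtins.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of RTT statistics; names are hypothetical, not iputils code. */
struct rtt_stats { int64_t n, sum, sum2, rejected; };  /* sum in us, sum2 in us^2 */
#define MAX_RTT_US INT64_C(60000000)                   /* assumed sanity bound: 60 s */

/* RTT in microseconds: receive time minus the timestamp echoed in the reply payload. */
int64_t rtt_us(int64_t now_sec, int64_t now_usec, int64_t ts_sec, int64_t ts_usec)
{
    return (now_sec - ts_sec) * 1000000 + (now_usec - ts_usec);
}

/* True when rtt * rtt does not fit in int64_t, i.e. an unchecked square would overflow. */
bool square_overflows(int64_t rtt)
{
    int64_t sq;
    return __builtin_mul_overflow(rtt, rtt, &sq);  /* GCC/Clang builtin */
}

/* Checked accumulate: drop implausible samples instead of folding them into the sums. */
bool stats_add(struct rtt_stats *s, int64_t rtt)
{
    int64_t sq, sum, sum2;
    if (rtt < 0 || rtt > MAX_RTT_US || __builtin_mul_overflow(rtt, rtt, &sq) ||
        __builtin_add_overflow(s->sum, rtt, &sum) || __builtin_add_overflow(s->sum2, sq, &sum2)) {
        s->rejected++;
        return false;
    }
    s->n++; s->sum = sum; s->sum2 = sum2;
    return true;
}

/* Constructed samples: two ordinary replies and one whose payload timestamp is zero. */
struct rtt_stats demo(void)
{
    const int64_t now = 1753142400;  /* constructed receive time, seconds since epoch */
    struct rtt_stats s = {0};
    stats_add(&s, rtt_us(now, 250000, now, 237500));  /* 12500 us */
    stats_add(&s, rtt_us(now, 900000, now, 880000));  /* 20000 us */
    stats_add(&s, rtt_us(now, 950000, 0, 0));         /* zero timestamp: ~1.75e15 us */
    return s;
}

int main(void)
{
    struct rtt_stats s = demo();
    return (s.n == 2 && s.rejected == 1) ? 0 : 1;
}
```

Any RTT above about 3.04e9 microseconds (roughly 50 minutes) overflows when squared in 64 bits, so a range check on the sample is needed in addition to a fix to the subtraction itself.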

Potential Impact

For European organizations, this vulnerability could disrupt network diagnostics and monitoring activities that rely on the ping utility, potentially delaying detection and response to network issues. While the impact is limited to denial of service of the ping application itself and does not directly compromise system confidentiality or integrity, the inability to perform reliable ping operations can hinder network troubleshooting and automated monitoring systems. In critical infrastructure sectors, such as telecommunications, energy, and finance, where network reliability and monitoring are essential, this could indirectly affect operational continuity. Additionally, attackers could leverage this vulnerability as part of a broader attack strategy to degrade network visibility or to distract security teams during more sophisticated intrusions. Since the vulnerability does not require authentication and can be triggered remotely, it poses a risk to exposed systems that allow ICMP traffic. However, the scope is limited to systems running the vulnerable ping utility in adaptive mode and processing crafted ICMP Echo Replies.

Mitigation Recommendations

Organizations should promptly update the iputils package to a version where this vulnerability is fully addressed, ensuring that the zero timestamp scenario is correctly handled. If patches are not yet available, consider disabling adaptive ping mode or restricting ICMP Echo Reply traffic at network boundaries using firewalls or intrusion prevention systems to block malformed ICMP packets. Network monitoring tools should be configured to detect unusual ICMP traffic patterns indicative of exploitation attempts. Additionally, organizations should audit their systems to identify where the vulnerable ping utility is used, especially in automated scripts or monitoring solutions, and apply compensating controls such as limiting ping usage or replacing it with alternative tools not affected by this vulnerability. Regular vulnerability scanning and penetration testing should include checks for this issue once detection signatures are available.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-05-29T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 687fce60a83201eaac1e16a8

Added to database: 7/22/2025, 5:46:08 PM

Last enriched: 7/22/2025, 6:01:12 PM

Last updated: 8/15/2025, 8:40:37 PM
