CVE-2025-48964 is a denial of service (DoS) vulnerability affecting the 'ping' utility within the iputils package, as of the version dated 2024-09-05. The vulnerability arises from improper handling of ICMP Echo Reply packets in adaptive ping mode. Specifically, when the timestamp field in the ICMP payload is zero, the program performs a calculation that leads to integer overflow during statistical computations. This overflow occurs because the zero timestamp results in large intermediate values that, when squared, exceed the integer limits. The root cause is an incomplete fix for a previous vulnerability (CVE-2025-47268), which addressed timestamp calculations but failed to consider the zero timestamp scenario. Exploiting this vulnerability requires sending a crafted ICMP Echo Reply packet to the target system running the vulnerable ping utility. The consequence is an application error causing the ping process to crash or become unresponsive, resulting in denial of service. There are no known public exploits currently in the wild, and no CVSS score has been assigned yet. The vulnerability affects systems that utilize the vulnerable iputils ping implementation, which is common in many Linux distributions and network diagnostic tools. Since the issue is triggered by network packets, exploitation can be attempted remotely without authentication or user interaction, assuming the target system processes ICMP Echo Replies and runs the vulnerable ping utility in adaptive mode.

For European organizations, this vulnerability could disrupt network diagnostics and monitoring activities that rely on the ping utility, potentially delaying detection and response to network issues. While the impact is limited to denial of service of the ping application itself and does not directly compromise system confidentiality or integrity, the inability to perform reliable ping operations can hinder network troubleshooting and automated monitoring systems. In critical infrastructure sectors, such as telecommunications, energy, and finance, where network reliability and monitoring are essential, this could indirectly affect operational continuity. Additionally, attackers could leverage this vulnerability as part of a broader attack strategy to degrade network visibility or to distract security teams during more sophisticated intrusions. Since the vulnerability does not require authentication and can be triggered remotely, it poses a risk to exposed systems that allow ICMP traffic. However, the scope is limited to systems running the vulnerable ping utility in adaptive mode and processing crafted ICMP Echo Replies.

Organizations should promptly update the iputils package to a version where this vulnerability is fully addressed, ensuring that the zero timestamp scenario is correctly handled. If patches are not yet available, consider disabling adaptive ping mode or restricting ICMP Echo Reply traffic at network boundaries using firewalls or intrusion prevention systems to block malformed ICMP packets. Network monitoring tools should be configured to detect unusual ICMP traffic patterns indicative of exploitation attempts. Additionally, organizations should audit their systems to identify where the vulnerable ping utility is used, especially in automated scripts or monitoring solutions, and apply compensating controls such as limiting ping usage or replacing it with alternative tools not affected by this vulnerability. Regular vulnerability scanning and penetration testing should include checks for this issue once detection signatures are available.