CVE-2025-13674

5.5 MEDIUM

📋 TL;DR

A vulnerability in Wireshark's BPv7 dissector causes the application to crash when processing specially crafted network packets, leading to denial of service. This affects users running Wireshark 4.6.0 to capture or analyze network traffic containing Bundle Protocol version 7 packets.

💻 Affected Systems

Products:
  • Wireshark
Versions: 4.6.0 only
Operating Systems: All platforms running Wireshark
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where Wireshark processes BPv7 packets; BPv7 is used in delay-tolerant networking.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Wireshark crashes repeatedly when processing malicious BPv7 packets, preventing network analysis and potentially disrupting monitoring workflows.

🟠 Likely Case

Accidental or malicious BPv7 packets cause Wireshark to crash, requiring restart and potentially losing capture data.

🟢 If Mitigated

Limited impact as Wireshark restarts quickly, though analysis interruptions may occur.

🌐 Internet-Facing: LOW - Wireshark is typically not internet-facing; it's an analysis tool.
🏢 Internal Only: MEDIUM - Internal attackers could craft packets to crash Wireshark instances used for network monitoring.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted BPv7 packets to a network segment where Wireshark is capturing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.6.1 or later

Vendor Advisory: https://www.wireshark.org/security/wnpa-sec-2025-05.html

Restart Required: Yes

Instructions:

1. Download Wireshark 4.6.1 or later from wireshark.org.
2. Install over existing version.
3. Restart Wireshark.

🔧 Temporary Workarounds

Disable BPv7 dissector

Platforms: all

Prevent Wireshark from processing BPv7 packets by disabling the dissector.

wireshark --disable-protocol bpv7

🧯 If You Can't Patch

  • Restrict network access to Wireshark systems to prevent malicious packet injection.
  • Monitor for Wireshark crash events and implement automatic restart mechanisms.

🔍 How to Verify

Check if Vulnerable:

Check Wireshark version: Help → About Wireshark. If version is exactly 4.6.0, system is vulnerable.

Check Version:

wireshark -v | grep "Wireshark"

Verify Fix Applied:

Verify version is 4.6.1 or later in Help → About Wireshark.
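
To apply the version check above across several capture hosts, the following script classifies `wireshark -v` / `tshark -v` banners against the affected range stated here (4.6.0 only). It is an added example, not part of the advisory or of Wireshark; the function names, the `host|banner` inventory format and the sample banners are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage Wireshark/TShark version banners for CVE-2025-13674.
# Affected per this page: 4.6.0 only. Fixed: 4.6.1 or later.

# extract_version BANNER -> prints the first X.Y.Z on the banner's first line.
# Handles both "Wireshark 4.6.0 (...)" and "TShark (Wireshark) 4.6.0 (...)".
extract_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# classify_version BANNER -> prints vulnerable | not-affected | unknown.
classify_version() {
    ver=$(extract_version "$1")
    case "$ver" in
        "")    echo unknown ;;        # no parseable version: check by hand
        4.6.0) echo vulnerable ;;     # exact match only; 4.6.10 must not match
        *)     echo not-affected ;;
    esac
}

# triage_inventory: reads "host|banner" lines (assumed format) on stdin and
# prints the hosts that still need the upgrade to 4.6.1 or later.
triage_inventory() {
    while IFS='|' read -r host banner; do
        [ "$(classify_version "$banner")" = vulnerable ] && echo "$host"
    done
    return 0
}

# Constructed sample inventory (hostnames and build hashes are placeholders).
SAMPLE_INVENTORY='sensor-01|Wireshark 4.6.0 (v4.6.0-0-g0000000).
sensor-02|TShark (Wireshark) 4.6.1 (v4.6.1-0-g0000000).
sensor-03|TShark (Wireshark) 4.6.0.
sensor-04|Wireshark 4.4.0.'

echo "Hosts needing upgrade (sample data):"
printf '%s\n' "$SAMPLE_INVENTORY" | triage_inventory

# Local check: classify whichever binaries are installed on this machine.
for bin in wireshark tshark; do
    command -v "$bin" >/dev/null 2>&1 || continue
    banner=$("$bin" -v 2>/dev/null || true)
    echo "local $bin: $(classify_version "$banner")"
done
```
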

📡 Detection & Monitoring

Log Indicators:

  • Wireshark crash logs in system event logs
  • Application error events mentioning Wireshark

Network Indicators:

  • Unusual BPv7 packet patterns targeting monitoring segments

SIEM Query:

(EventID=1000 AND SourceName="Wireshark.exe") OR (ProcessName="wireshark" AND EventData contains "fault")
