CVE-2025-13945

5.5 MEDIUM

📋 TL;DR

A vulnerability in Wireshark's HTTP3 dissector causes a crash when processing malformed packets, leading to denial of service. This affects users running Wireshark 4.6.0 or 4.6.1 for network analysis. The crash occurs during packet capture or analysis of HTTP3 traffic.

💻 Affected Systems

Products:
  • Wireshark
Versions: 4.6.0 through 4.6.1
Operating Systems: Windows, Linux, macOS, Unix variants
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where Wireshark is actively capturing or analyzing network traffic containing HTTP3 packets.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Wireshark crashes repeatedly when encountering malicious HTTP3 packets, preventing network analysis and disrupting monitoring workflows.

🟠 Likely Case

Accidental exposure to malformed HTTP3 traffic causes Wireshark to crash, requiring restart and potentially losing capture data.

🟢 If Mitigated

With updated versions, no impact; with workarounds, limited functionality for HTTP3 analysis but stable operation.

🌐 Internet-Facing: LOW - Wireshark is typically not internet-facing; exploitation requires sending packets to the monitoring interface.
🏢 Internal Only: MEDIUM - Internal attackers could craft packets to crash Wireshark instances used for network monitoring.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Requires sending malformed HTTP3 packets to the monitored network.

Exploitation is straightforward but requires network access to the monitored segment.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Wireshark 4.6.2 or later

Vendor Advisory: https://www.wireshark.org/security/wnpa-sec-2025-07.html

Restart Required: Yes

Instructions:

1. Download Wireshark 4.6.2 or later from wireshark.org.
2. Install over existing version.
3. Restart Wireshark and any related services.

🔧 Temporary Workarounds

Disable HTTP3 dissector (all platforms)

Prevents Wireshark from processing HTTP3 packets, avoiding the crash.

Edit preferences -> Protocols -> HTTP3 -> Uncheck 'Enable HTTP3 dissection'

🧯 If You Can't Patch

  • Restrict network access to Wireshark monitoring interfaces to trusted sources only.
  • Use network segmentation to isolate HTTP3 traffic from Wireshark instances.

🔍 How to Verify

Check if Vulnerable:

Check Wireshark version via Help -> About Wireshark; if version is 4.6.0 or 4.6.1, it is vulnerable.

Check Version:

wireshark -v | grep 'Wireshark' (Linux/macOS) or check via GUI on Windows.

Verify Fix Applied:

After updating, confirm version is 4.6.2 or later in Help -> About Wireshark.
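
The version check above can be scripted for hosts without a GUI. The following is an added example, not part of the vendor advisory: it parses the first line of `wireshark -v` or `tshark -v` output and classifies it against the range stated on this page (4.6.0 through 4.6.1 affected, 4.6.2 or later fixed). The function names and the sample banners in the comments are constructed for illustration; TShark is included because it ships with Wireshark and reports the same version.

```sh
#!/bin/sh
# Added example: classify a Wireshark/TShark version banner against the
# affected range given on this page. Function names are illustrative.

# Pull the first X.Y.Z that follows "Wireshark" (or "(Wireshark)") in a banner,
# e.g. "Wireshark 4.6.1 (v4.6.1-0-g...)" or "TShark (Wireshark) 4.6.1 (...)".
ws_extract_version() {
    printf '%s\n' "$1" |
        sed -nE 's/.*Wireshark\)? ([0-9]+\.[0-9]+\.[0-9]+).*/\1/p' |
        head -n 1
}

# Print "affected X.Y.Z", "fixed X.Y.Z", "not-listed X.Y.Z" or "unknown".
ws_classify() {
    ver=$(ws_extract_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    # Encode X.Y.Z as one integer so the range compares numerically.
    n=$(( $1 * 1000000 + $2 * 1000 + $3 ))
    if [ "$n" -ge 4006000 ] && [ "$n" -le 4006001 ]; then
        echo "affected $ver"        # 4.6.0 through 4.6.1
    elif [ "$n" -ge 4006002 ]; then
        echo "fixed $ver"           # 4.6.2 or later
    else
        echo "not-listed $ver"      # older than the range this page lists
    fi
}

# Report the status of each binary found on PATH.
ws_check_installed() {
    for bin in wireshark tshark; do
        if command -v "$bin" >/dev/null 2>&1; then
            echo "$bin: $(ws_classify "$("$bin" -v 2>/dev/null || true)")"
        else
            echo "$bin: not installed"
        fi
    done
}

ws_check_installed
```
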

📡 Detection & Monitoring

Log Indicators:

  • Wireshark crash logs or core dumps in system logs.

Network Indicators:

  • Unusual HTTP3 packets with malformed structures sent to monitored networks.

SIEM Query:

Event logs showing Wireshark process termination or application crashes.
