CVE-2025-47268

6.5 MEDIUM

📋 TL;DR

A signed 64-bit integer overflow vulnerability in iputils ping allows denial of service through crafted ICMP Echo Reply packets. This can cause ping to crash or collect incorrect round-trip time data. Systems using iputils ping versions before 20250602 are affected.

💻 Affected Systems

Products:
  • iputils ping
Versions: All versions before 20250602
Operating Systems: Linux distributions that include iputils
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where ping is actively running and receiving ICMP Echo Reply packets

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

ping process crashes, disrupting network diagnostics and monitoring tools that rely on ping functionality

🟠

Likely Case

ping crashes when processing malicious ICMP replies, causing temporary loss of ping functionality

🟢

If Mitigated

Minimal impact if ping is not critical for operations or if alternative network tools are available

🌐 Internet-Facing: MEDIUM - Attackers can send crafted ICMP packets to vulnerable systems, but requires ping to be actively running
🏢 Internal Only: LOW - Requires internal attacker or compromised system to send malicious packets

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept code is publicly available on GitHub. Exploitation requires sending crafted ICMP packets to a system running ping.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iputils 20250602 and later

Vendor Advisory: https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40

Restart Required: No

Instructions:

1. Update the iputils package to version 20250602 or later.
2. On Linux distributions: use the package manager (apt, yum, dnf, etc.) to update iputils.
3. For source installations: pull the latest commit from the GitHub repository and rebuild.

🔧 Temporary Workarounds

Block ICMP Echo Reply packets

linux

Use firewall rules to block incoming ICMP Echo Reply packets. Note that this also discards the replies to the host's own pings, so ping will report 100% loss; it removes the attack surface at the cost of ping functionality, and is only sensible where ping is not needed until the patch lands.

iptables -A INPUT -p icmp --icmp-type echo-reply -j DROP

Use alternative ping implementations

linux

Replace iputils ping with an alternative implementation such as busybox ping or nping (nping ships in the nmap package, not in nmap-ncat, which only provides ncat)

apt-get install busybox
yum install nmap

🧯 If You Can't Patch

  • Restrict ping usage to trusted networks only
  • Monitor for ping process crashes and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check iputils version: ping -V 2>&1 | grep iputils

Check Version:

ping -V 2>&1 | head -1

Verify Fix Applied:

Verify the version is 20250602 or later. The date stamp must be compared numerically; a literal match on 20250602 would miss newer releases: v=$(ping -V 2>&1 | grep -oE '[0-9]{8}' | head -1); [ "${v:-0}" -ge 20250602 ] && echo fixed || echo vulnerable
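An added shell check, not part of this advisory, that extracts the date-stamped version from ping -V output and compares it numerically with the first fixed release, so releases newer than 20250602 also pass. It handles the current "ping from iputils 20240117" form and the older "iputils-s20190709" form, and distinguishes a non-iputils ping (for example busybox) from a vulnerable one; the sample outputs are constructed, not captured.

```shell
#!/bin/sh
# Added example: decide whether an iputils ping binary carries the CVE-2025-47268 fix
# by reading the 8-digit release date from `ping -V` output and comparing it
# numerically with the first fixed release, 20250602.

FIXED_VERSION=20250602

# iputils_version OUTPUT
# Prints the 8-digit release date found in OUTPUT, or nothing if none is present.
# Accepts both "ping from iputils 20240117" and the older "iputils-s20190709" form.
iputils_version() {
    printf '%s\n' "$1" | grep -oE 'iputils[- ]?s?[0-9]{8}' | grep -oE '[0-9]{8}' | head -n 1
}

# iputils_is_fixed OUTPUT
# Returns 0 when the version in OUTPUT is >= FIXED_VERSION, 1 when it is older,
# and 2 when OUTPUT does not look like iputils ping at all (e.g. busybox ping).
iputils_is_fixed() {
    v=$(iputils_version "$1")
    [ -n "$v" ] || return 2
    [ "$v" -ge "$FIXED_VERSION" ]
}

# Constructed sample outputs for the three cases; not captured from real systems.
SAMPLE_OLD='ping from iputils 20240117'
SAMPLE_LEGACY='ping utility, iputils-s20190709'
SAMPLE_FIXED='ping from iputils 20250602'
SAMPLE_BUSYBOX='BusyBox v1.36.1 (2023-05-18 22:34:17 UTC) multi-call binary.'

# report OUTPUT: print a one-line verdict for one ping -V output string.
report() {
    iputils_is_fixed "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "fixed:       $1" ;;
        1) echo "VULNERABLE:  $1" ;;
        *) echo "not iputils: $1" ;;
    esac
}

for s in "$SAMPLE_OLD" "$SAMPLE_LEGACY" "$SAMPLE_FIXED" "$SAMPLE_BUSYBOX"; do
    report "$s"
done
# To check the local binary instead of the samples: report "$(ping -V 2>&1)"
```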

📡 Detection & Monitoring

Log Indicators:

  • ping process crashes in system logs
  • unexpected ping termination messages

Network Indicators:

  • Unusual ICMP Echo Reply packets with crafted timestamps

SIEM Query:

process:ping AND (event:crash OR event:terminated)
