CVE-2025-40820

Published 09/12/2025 16:17 · Modified 09/12/2025 18:36

Labels: CVE-2025-40820, 2025-12-09, CWE-940, [email protected]

Essential information

Published: 09/12/2025 16:17
Modified: 09/12/2025 18:36
Author:
Creator:
CVSS: 8.7 HIGH (v3), 8.7 HIGH (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

Affected products do not properly enforce TCP sequence number validation in specific scenarios; instead, they accept values within a broad range. This could allow an unauthenticated remote attacker to, for example, interfere with connection setup, potentially leading to a denial of service. The attack succeeds only if the attacker can inject IP packets with spoofed addresses at precisely timed moments, and it affects only TCP-based services.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
