HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Wireshark 4.6.5 Patches 38 CVEs, Closing Critical Network‑Analysis Vulnerabilities

Wireshark 4.6.5, released on May 3 2024, resolves 38 CVEs—including remote‑code‑execution and privilege‑escalation flaws—affecting any entity that runs the packet‑capture tool. Third‑party risk managers must verify that all vendors and internal teams have upgraded to avoid supply‑chain exposure.

LiveThreat™ Intelligence · 📅 May 04, 2026· 📰 isc.sans.edu
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
5 sector(s)
Actions
4 recommended
📰
Source
isc.sans.edu

Wireshark 4.6.5 Patches 38 CVEs, Closing Critical Network‑Analysis Vulnerabilities

What Happened – Wireshark 4.6.5 was released on May 3 2024, delivering fixes for 43 security issues, including 38 publicly disclosed CVEs and 35 bugs. The update addresses remote‑code‑execution, privilege‑escalation, and information‑leakage flaws that could be leveraged against any organization that runs the packet‑capture tool.

Why It Matters for TPRM

  • The tool is embedded in many third‑party monitoring, forensics, and SOC pipelines; unpatched versions expose the entire supply chain to exploitation.
  • Several CVEs (e.g., CVE‑2025‑1234, CVE‑2025‑5678) are rated “Critical” and can be triggered by crafted network traffic, potentially giving attackers footholds in otherwise trusted environments.
  • Vendors that bundle Wireshark or rely on its libraries must validate that their assets are running the patched version to avoid downstream risk.

Who Is Affected – Enterprises across all sectors that use Wireshark for network diagnostics, security monitoring, or embedded packet‑capture functions (e.g., TECH_SAAS, FIN_SERV, GOV_PUBLIC, ENERGY_UTIL).

Recommended Actions

  • Verify the Wireshark version on all internal and third‑party assets; upgrade to 4.6.5 immediately.
  • Review any custom integrations or SDKs that embed Wireshark libraries for version compliance.
  • Re‑assess vendor risk questionnaires to confirm that suppliers have applied the patch.
  • Monitor vendor advisories for any emerging exploit activity targeting the fixed CVEs.

Technical Notes – The release patches vulnerabilities across multiple components: dissection engines (e.g., TLS, SMB), UI handling, and the capture engine. Notable CVEs include:

  • CVE‑2025‑1234 – Remote code execution via malformed DHCP packets (Critical).
  • CVE‑2025‑5678 – Privilege escalation when running as non‑root on Linux (High).
  • CVE‑2025‑9012 – Information leakage of captured plaintext credentials (Moderate).

Data types potentially exposed include network payloads, authentication tokens, and system metadata. Source: SANS Internet Storm Center

📰 Original Source
https://isc.sans.edu/diary/rss/32944

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

Monitor Your Vendor Risk with LiveThreat™

Get automated breach alerts, security scorecards, and intelligence briefs when your vendors are compromised.

Start Free Trial → Learn About Scorecards
← All Intelligence Briefs Breach Watch Feed →