Wireshark 4.4.4 Released: Update Now to Ensure Security!
The Wireshark Foundation has released version 4.4.4 of its popular network protocol analyzer. This update fixes a high-risk vulnerability, CVE-2025-1492, which allowed attackers to send malicious packets and launch Denial-of-Service (DoS) attacks.
This vulnerability was linked to Wireshark’s Bundle Protocol and CBOR dissectors. It caused program crashes, infinite loops, and memory leaks when processing specially crafted network traffic.
This marks the fourth security update in the Wireshark 4.4.x series, once again highlighting the continuous risks associated with network analysis tools.
💡 The CVE-2025-1492 vulnerability received a 7.8 (High) score on the CVSS v3.1 scale. It affects Wireshark versions 4.4.0 – 4.4.3 and 4.2.0 – 4.2.10.
If attackers exploit this vulnerability, they could:
✔ Crash Wireshark, halting network diagnostics.
✔ Disrupt critical services, potentially leading to widespread issues.
✔ Disable network monitoring, enabling hidden cyberattacks.
Wireshark security experts detected this flaw using fuzz testing, a method that injects random or invalid data to uncover weaknesses.
Similar vulnerabilities have been previously discovered in the Bluetooth, Radiotap, and AVDTP dissectors (CVE-2018-16056, CVE-2018-16057, CVE-2018-16058), where specially crafted packets or trace files could crash Wireshark.
In addition to patching CVE-2025-1492, this update also addresses 13 other issues, including:
🔹 Network interface performance problems
🔹 Errors in DNS query processing
🔹 Inaccuracies in JA4 fingerprinting
⚠ No authentication or user interaction is required for this exploit! Simply injecting malicious packets is enough to trigger the attack.
Organizations relying on Wireshark for network forensics and troubleshooting are at high risk. A prolonged outage could hide active cyber threats and delay response times.
The Wireshark Foundation emphasized:
🗣️ “Network analysis tools must be continuously protected against malicious packets. This patch strengthens stability and prevents the exploitation of rare vulnerabilities.”
Security Recommendations
1️⃣ Update Wireshark Immediately!
📌 Wireshark 4.4.4 is available for Windows, macOS, and Linux on the official website and via package managers.
📌 Enterprise users should deploy updates automatically to ensure security.
2️⃣ Protect Critical Network Components
🔹 Verify network capture files before analyzing them.
🔹 Implement network segmentation to limit exposure to malicious traffic.
🔹 Use security monitoring systems (e.g., SIEM) to detect anomalies.
3️⃣ Do Not Run Wireshark with Administrator Privileges!
❌ Never run Wireshark as root or with administrator rights!
✔ Running it with minimal privileges reduces the risk of exploitation.
4️⃣ Strengthen Network Security
✅ Use firewalls to restrict Wireshark’s access to network interfaces.
✅ Enable malicious traffic filtering to prevent DoS attacks.
Although Wireshark 4.4.4 has patched the CVE-2025-1492 vulnerability, updating alone is not enough to ensure complete security.
🔹 Regularly update Wireshark
🔹 Avoid running it with elevated privileges
🔹 Implement additional security measures against malicious packets
Wireshark remains a critical tool for network traffic analysis, used by over 80% of enterprises worldwide. Keeping it secure is essential for maintaining cybersecurity.
🚀 Update to the latest version and enhance your security measures today!
