CVE-2025-68615
Published: 23 December 2025
Description
net-snmp is an SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the buffer overflow vulnerability in net-snmp snmptrapd by requiring timely patching to versions 5.9.5 or 5.10.pre2.
- Prevents specially crafted SNMP trap packets from reaching the vulnerable snmptrapd daemon through boundary protection mechanisms like firewalls restricting UDP port 162 access.
- Mandates validation of incoming SNMP trap packet inputs to block malformed data that triggers the buffer overflow in snmptrapd.
Security Summary
CVE-2025-68615 is a buffer overflow vulnerability (CWE-119) affecting the net-snmp snmptrapd daemon in versions prior to 5.9.5 and 5.10.pre2. net-snmp is an SNMP application library, tools, and daemon. The flaw is triggered by a specially crafted packet sent to the daemon, resulting in a buffer overflow that causes the daemon to crash. Published on 2025-12-23, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction. By sending a malicious packet to an exposed snmptrapd instance, the attacker can trigger the buffer overflow, leading to high impacts on confidentiality, integrity, and availability, including denial of service via daemon crash and potential for greater compromise such as code execution.
The vulnerability has been addressed in net-snmp versions 5.9.5 and 5.10.pre2. Official advisories detail the patch on the net-snmp GitHub security page (GHSA-4389-rwqf-q9gq), oss-security mailing list (2026/01/09/2), and Debian LTS announce (2026/01/msg00000.html). Vicarius provides supplementary resources including a detection script and mitigation script for affected systems.
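A version triage sketch for the fixed releases named above, added here as an illustration; it is not the Vicarius detection script or net-snmp project code. It assumes upstream-style version strings and a `pre` < `rc` < final ordering of pre-release tags, and the inventory is constructed sample data. Distribution packages that backport the fix (such as the Debian LTS update mentioned above) can report an older upstream version while being patched, so confirm those against the vendor advisory.

```python
import re

# Fixed releases named in the advisory text above.
FIXED_STABLE = "5.9.5"
FIXED_DEV = "5.10.pre2"

# Assumption: pre-release tags sort as pre < rc < final release.
_STAGE = {"pre": 0, "rc": 1, None: 2}
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:\.(pre|rc)(\d+))?$")


def version_key(version):
    """Turn '5.10.pre2' into a tuple that sorts in release order."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised net-snmp version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))  # pad so 5.10 compares equal to 5.10.0.0
    return (tuple(nums), _STAGE[m.group(2)], int(m.group(3) or 0))


def is_patched(version):
    """True if the upstream version is at or past the fixed release."""
    key = version_key(version)
    if key[0][:2] >= (5, 10):
        # 5.10 development line: fixed from 5.10.pre2 onwards.
        return key >= version_key(FIXED_DEV)
    # 5.9 line and older: fixed from 5.9.5 onwards.
    return key >= version_key(FIXED_STABLE)


def vulnerable_hosts(inventory):
    """Return the sorted host names whose snmptrapd version predates the fix."""
    return sorted(h for h, v in inventory.items() if not is_patched(v))


if __name__ == "__main__":
    # Constructed inventory: host name -> reported net-snmp version.
    sample = {
        "nms-01": "5.9.4",
        "nms-02": "5.9.5",
        "lab-03": "5.10.pre1",
        "lab-04": "5.10.pre2",
        "legacy-05": "5.7.3",
    }
    for host in vulnerable_hosts(sample):
        print(f"{host}: {sample[host]} predates the fix, patch or restrict UDP 162")
```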
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated buffer overflow in exposed snmptrapd daemon via crafted SNMP trap packets enables exploitation of a public-facing network service (T1190, T1210), leading to DoS crash with potential RCE.