CVE-2025-68206Linux vulnerability

22 documents9 sources
Severity
6.4MEDIUM
No vector
EPSS
0.1%
top 79.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
LinuxLinux KernelDebian Linux+12 more
Timeline
PublishedDec 16
Latest updateApr 17

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload (IP, port) on the ftp control connection. This can require changes to the TCP length and expected seq / ack_seq. The easiest way to reproduce this issue is with PASV mode. Example ruleset: table inet ftp_nat { ct helper ftp_helper { type "ftp" protocol

Affected Packages17 packages

Linuxlinux/linux_kernel4.12.06.1.167+3
Debianlinux/linux_kernel< 6.12.69-1+1
Ubuntulinux/linux_kernel< 6.17.0-14.14

🔴Vulnerability Details

8
OSV
linux-azure vulnerabilities2026-02-24
OSV
linux-oem-6.17 vulnerabilities2026-02-17
OSV
linux-aws, linux-oracle vulnerabilities2026-02-17
OSV
linux-gcp vulnerabilities2026-02-12
OSV
linux, linux-raspi, linux-realtime vulnerabilities2026-02-12

📋Vendor Advisories

11
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-04-17
Ubuntu
Linux kernel (Real-time) vulnerabilities2026-04-17
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2026-04-17
Ubuntu
Linux kernel vulnerabilities2026-04-16
Ubuntu
Linux kernel (Azure) vulnerabilities2026-02-24

🕵️Threat Intelligence

1
Wiz
CVE-2025-68206 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2025-68206 kernel: netfilter: nft_ct: add seqadj extension for natted connections2025-12-16
CVE-2025-68206 — Linux vulnerability | cvebase