CVE-2025-68382Out-of-bounds Read in Elasticsearch Packetbeat

CWE-125Out-of-bounds Read4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 81.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Elasticsearch PacketbeatElastic Packetbeat
Timeline
PublishedDec 18
Latest updateDec 19

Description

Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDelasticsearch/packetbeat8.0.08.19.9+3
CVEListV5elastic/packetbeat7.0.07.17.29+3

🔴Vulnerability Details

2
GHSA
GHSA-f3fv-24f6-354v: Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leadin2025-12-19
CVEList
Packetbeat Out-of-bounds Read2025-12-18

🕵️Threat Intelligence

1
Wiz
CVE-2025-68382 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-68382 — Out-of-bounds Read in Elasticsearch | cvebase