CVE-2025-68383
published 2025-12-18CVE-2025-68383: Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to…
PriorityP424medium6.5CVSS 3.1
AVAACLPRNUINSUCNINAH
EPSS
0.17%
6.5th percentile
Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | filebeat | 7.0.0 – 7.17.29 | — |
| elastic | filebeat | >= 8.0.0 < 8.19.9 | 8.19.9 |
| elastic | filebeat | 8.0.0 – 8.19.8 | — |
| elastic | filebeat | >= 9.0.0 < 9.1.9 | 9.1.9 |
| elastic | filebeat | 9.0.0 – 9.1.8 | — |
| elastic | filebeat | >= 9.2.0 < 9.2.3 | 9.2.3 |
| elastic | filebeat | 9.2.0 – 9.2.2 | — |
| github.com | elastic_beats | 0 – 7.6.2 | — |
| github.com | elastic_beats_v7 | >= 0 < 7.0.0-alpha2.0.20251204214633-dd3af18220bf | 7.0.0-alpha2.0.20251204214633-dd3af18220bf |
| github.com | elastic_beats_v7 | >= 7.7.0 < 8.19.9 | 8.19.9 |
| github.com | elastic_beats_v7 | >= 7.7.0 | — |
| github.com | elastic_beats_v7 | >= 9.0.0 < 9.1.9 | 9.1.9 |
| github.com | elastic_beats_v7 | >= 9.2.0 < 9.2.3 | 9.2.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in github.com/elastic/beats
osv·2026-01-23
CVE-2025-68383 Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in github.com/elastic/beats
Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in github.com/elastic/beats
Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in github.com/elastic/beats
OSV
Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration
osv·2025-12-19
CVE-2025-68383 [MEDIUM] Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration
Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration
Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.
GHSA
Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration
ghsa·2025-12-19
CVE-2025-68383 [MEDIUM] CWE-120 Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration
Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration
Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.
No detection rules found.
No public exploits indexed.
2025-12-18
Published