CVE-2025-68383Improper Validation of Specified Quantity in Input in Filebeat

CWE-1284Improper Validation of Specified Quantity in InputCWE-120Classic Buffer Overflow6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 81.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Elastic Beats V7Elastic FilebeatGithub.com Elastic Beats
Timeline
PublishedDec 18
Latest updateJan 23

Description

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDelastic/filebeat8.0.08.19.9+3
CVEListV5elastic/filebeat7.0.07.17.29+3
Gogithub.com/elastic_beats_v77.7.08.19.9+4

🔴Vulnerability Details

4
OSV
Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in github.com/elastic/beats2026-01-23
OSV
Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration2025-12-19
GHSA
Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration2025-12-19
CVEList
Filebeat Improper Validation of Specified Index, Position, or Offset in Input2025-12-18

🕵️Threat Intelligence

1
Wiz
CVE-2025-68383 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-68383 — Elastic Filebeat vulnerability | cvebase