CVE-2025-68388
Published 2025-12-18
Priority: P432 | Severity: medium | CVSS 3.1: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.31% (22.5th percentile)
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | packetbeat | 8.6.0 – 8.19.8 | — |
| elastic | packetbeat | 9.0.0 – 9.1.8 | — |
| elastic | packetbeat | 9.2.0 – 9.2.2 | — |
| elasticsearch | packetbeat | >= 8.6.0 < 8.19.9 | 8.19.9 |
| elasticsearch | packetbeat | >= 9.0.0 < 9.1.9 | 9.1.9 |
| elasticsearch | packetbeat | >= 9.2.0 < 9.2.3 | 9.2.3 |
| github.com | elastic_beats | >= 8.6.0 < 8.19.9 | 8.19.9 |
| github.com | elastic_beats | >= 9.0.0 < 9.1.9 | 9.1.9 |
| github.com | elastic_beats | >= 9.2.0 < 9.2.3 | 9.2.3 |
| github.com | elastic_beats_v7 | >= 0 < 7.0.0-alpha2.0.20251209162832-28cfc80d2f4e | 7.0.0-alpha2.0.20251209162832-28cfc80d2f4e |
OSV
Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments in github.com/elastic/beats
osv·2026-01-23
OSV
Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments
osv·2025-12-19
CVE-2025-68388 [HIGH] Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to denial-of-service in Packetbeat.
GHSA
Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments
ghsa·2025-12-19
CVE-2025-68388 [HIGH] CWE-770 Elasticsearch Packetbeat has Excessive Allocation of Memory and CPU via Malicious IPv4 Fragments
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to denial-of-service in Packetbeat.
No detection rules found.
No public exploits indexed.
Published: 2025-12-18