CVE-2025-68615 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Net-snmp

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 54.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Debian Linux

Timeline

PublishedDec 23

Latest updateJan 7

Description

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5net-snmp/net-snmp< 5.9.5+1

▶NVDnet-snmp/net-snmp< 5.9.5+1

▶Debiannet-snmp/net-snmp< 5.9+dfsg-4+deb11u3+3

Also affects: Debian Linux 11.0

🔴Vulnerability Details

OSV

CVE-2025-68615: net-snmp is a SNMP application library, tools and daemon↗2025-12-23

▶

CVEList

Net-SNMP snmptrapd crash↗2025-12-22

▶

📋Vendor Advisories

Ubuntu

Net-SNMP vulnerability↗2026-01-07

▶

Red Hat

net-snmp: buffer overflow via a specially crafted packet can cause a crash in snmptrapd↗2025-12-22

▶

Microsoft

Net-SNMP snmptrapd crash↗2025-12-09

▶

Debian

CVE-2025-68615: net-snmp - net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9....↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-68615 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶