CVE-2025-68468

6.5 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to crash the Avahi daemon by sending malicious mDNS announcements containing CNAME records with short TTLs. When these records expire, the daemon crashes due to improper handling. Systems running Avahi 0.9-rc2 or earlier are affected.

💻 Affected Systems

Products:
  • Avahi
Versions: 0.9-rc2 and earlier
Operating Systems: Linux distributions with Avahi installed
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with avahi-daemon running. Many Linux distributions include Avahi by default for service discovery.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Denial of service on the local network, disrupting service discovery and potentially affecting dependent applications that rely on Avahi for network services.

🟠 Likely Case

Avahi daemon crashes, requiring manual restart and temporarily breaking local network service discovery until restored.

🟢 If Mitigated

Minimal impact if Avahi is not running or if network filtering blocks mDNS traffic from untrusted sources.

🌐 Internet-Facing: LOW (Avahi typically operates on local networks only, not internet-facing)
🏢 Internal Only: MEDIUM (Exploitable from any device on the same local network segment)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires sending crafted mDNS packets to the target's network interface. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit f66be13d7f31a3ef806d226bf8b67240179d309a and later versions

Vendor Advisory: https://github.com/avahi/avahi/security/advisories/GHSA-cp79-r4x9-vf52

Restart Required: Yes

Instructions:

1. Update Avahi to a patched version from your distribution's repositories.
2. Restart avahi-daemon: 'sudo systemctl restart avahi-daemon' or 'sudo service avahi-daemon restart'.

🔧 Temporary Workarounds

Disable Avahi daemon

linux

Stop and disable the Avahi service if not needed

sudo systemctl stop avahi-daemon
sudo systemctl disable avahi-daemon

Block mDNS traffic

linux

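Use firewall rules to block mDNS (port 5353/udp) from untrusted networks. As written, the rule below drops inbound mDNS on all interfaces; add an interface or source match to limit it to untrusted networks. iptables covers IPv4 only, so mDNS over IPv6 needs an equivalent ip6tables rule.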

sudo iptables -A INPUT -p udp --dport 5353 -j DROP

🧯 If You Can't Patch

  • Implement network segmentation to isolate Avahi services from untrusted devices
  • Monitor for avahi-daemon crashes and implement automatic restart scripts

🔍 How to Verify

Check if Vulnerable:

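Check the Avahi version: 'avahi-daemon --version' or 'dpkg -l | grep avahi' or 'rpm -q avahi'. If the version is 0.9-rc2 or earlier, the system is vulnerable. Distribution packages can carry the fix as a backport without changing the upstream version number, so also check the package changelog or your distribution's security tracker for CVE-2025-68468.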

Check Version:

avahi-daemon --version 2>&1 | head -1

Verify Fix Applied:

Verify Avahi version is newer than 0.9-rc2 and check that avahi-daemon is running without crashes after receiving mDNS traffic.

📡 Detection & Monitoring

Log Indicators:

  • Avahi daemon crash logs in systemd journal: 'journalctl -u avahi-daemon'
  • Segmentation fault or crash messages in /var/log/syslog

Network Indicators:

  • Unusual mDNS traffic with CNAME records and short TTL values
  • Multiple mDNS announcements from single source

SIEM Query:

source="avahi-daemon" AND ("segmentation fault" OR "crash" OR "SIGSEGV")
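
The log indicators and SIEM query above, written as a filter over journal or syslog text. This is an added example, not part of the original advisory: the function names are hypothetical, the sample log lines are constructed, and the kernel "segfault" wording and systemd's "Main process exited" message are assumed extras beyond the page's three search terms.

```shell
#!/bin/sh
# Added example (not from the advisory): flag avahi-daemon crash indicators.

# Constructed sample log lines; hostnames, PIDs and addresses are made up.
sample_log() {
cat <<'EOF'
Jan 10 09:14:02 host1 avahi-daemon[812]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.0.2.10.
Jan 10 09:14:31 host1 kernel: avahi-daemon[812]: segfault at 0 ip 0000000000000000 sp 0000000000000000 error 4
Jan 10 09:14:31 host1 systemd[1]: avahi-daemon.service: Main process exited, code=dumped, status=11/SEGV
Jan 10 09:15:00 host1 sshd[990]: Accepted publickey for admin from 192.0.2.20 port 50022 ssh2
Jan 10 09:20:12 host1 avahi-daemon[1044]: Server startup complete. Host name is host1.local.
EOF
}

# Print stdin lines that mention avahi-daemon and carry a crash indicator:
# the page's terms (segmentation fault, crash, SIGSEGV), the kernel's
# "segfault" wording, and systemd's abnormal-exit message (assumed extras).
avahi_crash_lines() {
    grep -i 'avahi-daemon' |
        grep -iE 'segmentation fault|segfault|sigsegv|crash|main process exited, code=(killed|dumped)' || true
}

# Number of crash-indicator lines on stdin.
avahi_crash_count() {
    avahi_crash_lines | wc -l | tr -d ' '
}

# Succeed when stdin holds at least $1 crash indicators (default 1), so a
# cron job or monitoring hook can alert on repeated crashes.
avahi_crash_alert() {
    threshold=${1:-1}
    count=$(avahi_crash_count)
    [ "$count" -ge "$threshold" ]
}

# Demo on the constructed sample: prints the two flagged lines.
sample_log | avahi_crash_lines
```

On a live host, feed the functions the output of 'journalctl -u avahi-daemon --no-pager' or the contents of /var/log/syslog instead of the sample.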
