CVE-2025-68615

9.8 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in net-snmp's snmptrapd daemon allows remote attackers to crash the service via specially crafted SNMP trap packets. This affects all systems running vulnerable versions of net-snmp with snmptrapd enabled. The high CVSS score indicates potential for remote code execution.

💻 Affected Systems

Products:
  • net-snmp
Versions: All versions prior to 5.9.5 and 5.10.pre2
Operating Systems: Linux, Unix, BSD, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with snmptrapd daemon running. Default installations may not have this enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, service disruption, and potential lateral movement.

🟠

Likely Case

Denial of service through daemon crash, potentially disrupting SNMP monitoring and management.

🟢

If Mitigated

Limited to service disruption if proper network segmentation and access controls prevent exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted SNMP trap packets to the vulnerable daemon.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.9.5 or 5.10.pre2

Vendor Advisory: https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq

Restart Required: Yes

Instructions:

1. Update net-snmp to version 5.9.5 or higher.
2. For Debian/Ubuntu: apt update && apt upgrade net-snmp
3. For RHEL/CentOS: yum update net-snmp
4. Restart the snmptrapd service.

🔧 Temporary Workarounds

Disable snmptrapd

Stop and disable the vulnerable snmptrapd daemon if it is not required.

systemctl stop snmptrapd
systemctl disable snmptrapd

Network Access Control

Restrict access to the SNMP trap port (UDP 162 by default) to trusted sources only; replace trusted_ip with the address or CIDR range of your trap senders. Both rules are appended with -A, so any earlier ACCEPT rule in the INPUT chain still takes precedence over them.

iptables -A INPUT -p udp --dport 162 -s trusted_ip -j ACCEPT
iptables -A INPUT -p udp --dport 162 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SNMP traffic.
  • Deploy intrusion detection/prevention systems to monitor for SNMP exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check the installed net-snmp version: snmptrapd -v 2>&1 | head -1

Verify Fix Applied:

Verify the version is 5.9.5 or higher: snmptrapd -v 2>&1 | grep -E '5\.9\.5|5\.10'
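As an added check that is not part of the advisory or the net-snmp project: the grep above matches any banner containing "5.10", including 5.10.pre1, which the advisory lists as still affected, so this shell function compares the version against the fix line (5.9.5 and 5.10.pre2) field by field. It assumes snmptrapd -v prints a line of the form "NET-SNMP version:  X.Y.Z"; the sample banners are constructed, not captured output.

```shell
#!/bin/sh
# Added example: classify a net-snmp version against the CVE-2025-68615
# fix line given in the advisory (5.9.5 and 5.10.pre2). Treats 5.10.pre1
# as vulnerable and 5.9.10 as fixed, which a plain grep does not.
# Assumption: "snmptrapd -v" prints "NET-SNMP version:  5.9.4" or similar.

# extract_version LINE -> prints the version token, e.g. 5.9.4 or 5.10.pre1
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*[Vv]ersion:[[:space:]]*\([0-9][0-9A-Za-z.]*\).*/\1/p' | head -n 1
}

# is_fixed VERSION -> exit 0 if fixed, 1 if vulnerable, 2 if unparseable
is_fixed() {
    ver=$1
    base=${ver%%.pre*}        # 5.10.pre2 -> 5.10 ; 5.9.4 -> 5.9.4
    pre=${ver#"$base"}        # .pre2 or empty
    pre=${pre#.pre}           # 2 or empty (empty means a final release)
    major=$(printf '%s' "$base" | cut -d. -f1)
    minor=$(printf '%s' "$base" | cut -d. -f2)
    patch=$(printf '%s' "$base" | cut -d. -f3)
    [ -n "$patch" ] || patch=0
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -gt 5 ] && return 0
    [ "$major" -lt 5 ] && return 1
    [ "$minor" -gt 10 ] && return 0
    [ "$minor" -lt 9 ] && return 1
    if [ "$minor" -eq 9 ]; then
        [ "$patch" -ge 5 ] && return 0 || return 1
    fi
    # minor == 10: the final release, or pre-release 2 or later, carries the fix
    [ -z "$pre" ] && return 0
    case "$pre" in *[!0-9]*) return 2 ;; esac
    [ "$pre" -ge 2 ] && return 0 || return 1
}

# check_banner LINE -> prints a verdict and returns is_fixed's exit code
check_banner() {
    v=$(extract_version "$1")
    is_fixed "$v"; rc=$?
    case $rc in 0) echo "FIXED ($v)" ;; 1) echo "VULNERABLE ($v)" ;; *) echo "UNKNOWN ($1)" ;; esac
    return $rc
}

# Constructed sample banners (not captured output); on a real host use:
#   check_banner "$(snmptrapd -v 2>&1 | head -n 1)"
check_banner "NET-SNMP version:  5.9.4"      # VULNERABLE
check_banner "NET-SNMP version:  5.10.pre1"  # VULNERABLE
check_banner "NET-SNMP version:  5.10.pre2"  # FIXED
```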

📡 Detection & Monitoring

Log Indicators:

  • snmptrapd crash logs in systemd journal or syslog
  • Unexpected SNMP trap packets from untrusted sources

Network Indicators:

  • Unusual SNMP trap traffic patterns
  • Malformed SNMP packets to port 162

SIEM Query:

source="snmptrapd" AND (event="crash" OR event="segfault")

🔗 References
