CRITICAL🇵🇱 Wersja polska

CVE-2025-68615

CVSS 9.8v3.1pub. 2025-12-23upd. 2026-02-19

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.

🤖 AI Analysis
How it works

An attacker sends a specially crafted network packet to the running snmptrapd daemon. The daemon improperly handles incoming data, leading to a buffer overflow (CWE-119). As a result, the daemon crashes. The vulnerability does not require any user interaction or system privileges.

Impact

An attacker can cause the snmptrapd daemon to crash, resulting in loss of availability of the SNMP monitoring system. Due to the critical CVSS score including high ratings for confidentiality and integrity, the vulnerability may potentially enable arbitrary code execution.

Mitigation & patch

net-snmp should be updated to version 5.9.5 or 5.10.pre2, in which the bug has been fixed. Debian Linux users should apply updates available through the official distribution repositories. As a temporary workaround, it is recommended to restrict network access to the snmptrapd daemon port only to trusted hosts using firewall rules.

Who is affected

net-snmp in versions prior to 5.9.5 and prior to 5.10.pre2, including packages provided by Debian Linux

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Debian

    OS
    Debian
    11.0
  • Net Snmp

    APP
    Net-Snmp
    5.10< 5.9.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki