CVE-2025-68615NVD

Vulnerability Summary

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.

Severity Level

CRITICAL(9.8)

Published Date

Dec 23, 2025

Last Modified

Feb 19, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.23%Probability

Root Weakness (CWE)

CWE-119: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
http://www.openwall.com/lists/oss-security/2026/01/09/2
https://lists.debian.org/debian-lts-announce/2026/01/msg00000.html
https://www.vicarius.io/vsociety/posts/cve-2025-68615-detection-script-buffer-overflow-vulnerability-affecting-net-snmp
https://www.vicarius.io/vsociety/posts/cve-2025-68615-mitigation-script-buffer-overflow-vulnerability-affecting-net-snmp