Cyber Posture

CVE-2025-68615

Critical · Public PoC

Published: 23 December 2025
Modified: 19 February 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0034 (57.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-68615 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in net-snmp. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks in the top 42.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly remediates the buffer overflow vulnerability in net-snmp snmptrapd by requiring timely patching to versions 5.9.5 or 5.10.pre2.

prevent

Prevents specially crafted SNMP trap packets from reaching the vulnerable snmptrapd daemon through boundary protection mechanisms like firewalls restricting UDP port 162 access.

prevent

Mandates validation of incoming SNMP trap packet inputs to block malformed data that triggers the buffer overflow in snmptrapd.

MITRE ATT&CK Enterprise Techniques (AI)

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Remote unauthenticated buffer overflow in exposed snmptrapd daemon via crafted SNMP trap packets enables exploitation of a public-facing network service (T1190, T1210), leading to DoS crash with potential RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

net-snmp is an SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2.

Deeper analysis (AI)

CVE-2025-68615 is a buffer overflow vulnerability (CWE-119) affecting the net-snmp snmptrapd daemon in versions prior to 5.9.5 and 5.10.pre2. net-snmp is an SNMP application library, tools, and daemon. The flaw is triggered by a specially crafted packet sent to the daemon, resulting in a buffer overflow that causes the daemon to crash. Published on 2025-12-23, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction. By sending a malicious packet to an exposed snmptrapd instance, the attacker can trigger the buffer overflow, leading to high impacts on confidentiality, integrity, and availability, including denial of service via daemon crash and potential for greater compromise such as code execution.

The vulnerability has been addressed in net-snmp versions 5.9.5 and 5.10.pre2. Official advisories detail the patch on the net-snmp GitHub security page (GHSA-4389-rwqf-q9gq), oss-security mailing list (2026/01/09/2), and Debian LTS announce (2026/01/msg00000.html). Vicarius provides supplementary resources including a detection script and mitigation script for affected systems.

Details

CWE(s)

Affected Products

net-snmp net-snmp: 5.10 · ≤ 5.9.5
debian debian linux: 11.0

CVEs Like This One

CVE-2025-62799 · Same product: Debian Debian Linux
CVE-2025-2521 · Shared CWE-119
CVE-2026-24061 · Same product: Debian Debian Linux
CVE-2025-68670 · Same product: Debian Debian Linux
CVE-2025-0838 · Same product: Debian Debian Linux
CVE-2024-46981 · Same product: Debian Debian Linux
CVE-2025-30437 · Shared CWE-119
CVE-2025-9251 · Shared CWE-119
CVE-2025-7775 · Shared CWE-119
CVE-2025-33077 · Shared CWE-119
