PT-2025-48095 · Victoriametrics · Victoriametrics

Published: 2025-11-25 · Updated: 2026-01-06 · CVE-2025-65942

CVSS v3.1: 2.7 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

VictoriaMetrics versions 1.0.0 through 1.110.22
VictoriaMetrics versions 1.111.0 through 1.122.7
VictoriaMetrics versions 1.123.0 through 1.129.0

Description

The software is susceptible to Denial of Service (DoS) attacks. The snappy decoder did not enforce VictoriaMetrics request size limits, allowing malformed blocks to cause excessive memory consumption, potentially leading to Out Of Memory (OOM) errors and service instability. The issue is addressed by enforcing block-size checks based on MaxRequest limits.

Recommendations

Update to VictoriaMetrics version 1.110.23 or later.
Update to VictoriaMetrics version 1.122.8 or later.
Update to VictoriaMetrics version 1.129.1 or later.
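
The kind of block-size check the description refers to, as an added example that is not VictoriaMetrics code: a Snappy block begins with its decoded length as a uvarint, so a decoder can compare that declared length with the request limit before allocating anything. The names `maxRequestSize`, `declaredLen` and `constructedBlock` are hypothetical, and the 32 MiB limit is an assumed value.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// maxRequestSize stands in for the server's configured request limit
// (assumed value and name, not taken from VictoriaMetrics).
const maxRequestSize = 32 << 20 // 32 MiB

var (
	errBadHeader = errors.New("snappy: malformed length header")
	errTooLarge  = errors.New("snappy: declared decoded size exceeds limit")
)

// declaredLen reads the decoded length a Snappy block claims in its leading
// uvarint and rejects it before any output buffer is allocated.
func declaredLen(block []byte, limit uint64) (int, error) {
	n, read := binary.Uvarint(block)
	if read <= 0 { // 0: header truncated, <0: value overflows 64 bits
		return 0, errBadHeader
	}
	if n > limit {
		return 0, fmt.Errorf("%w: %d > %d", errTooLarge, n, limit)
	}
	return int(n), nil // safe: n <= limit
}

// constructedBlock builds sample input: a length header plus filler bytes.
// The filler is not valid compressed data; only the header is inspected.
func constructedBlock(declared uint64, filler []byte) []byte {
	hdr := make([]byte, binary.MaxVarintLen64)
	k := binary.PutUvarint(hdr, declared)
	return append(hdr[:k], filler...)
}

func main() {
	samples := [][]byte{
		constructedBlock(11, []byte("placeholder")), // within the limit
		constructedBlock(4<<30, []byte("x")),        // header claims 4 GiB
		{0x80},                                      // truncated header
	}
	for _, b := range samples {
		n, err := declaredLen(b, maxRequestSize)
		fmt.Printf("input=%dB declared=%d err=%v\n", len(b), n, err)
	}
}
```

The check must run before the decoder sizes its output buffer; limiting only the compressed request size is not enough, because the declared length is independent of the number of bytes received.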

Exploit

Fix

DoS

Allocation of Resources Without Limits


Weakness Enumeration

Related Identifiers

CVE-2025-65942
GHSA-66JQ-2C23-2XH5
GO-2025-4161
SUSE-SU-2026:0037-1

Affected Products

Victoriametrics