PT-2025-52727 · Net-Snmp · Net-Snmp

Buddurid · Published 2025-12-22 · Updated 2026-03-31 · CVE-2025-68615

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (note: this vector string computes to 9.8 under CVSS v3.1; a 10.0 base score requires S:C)
Name of the Vulnerable Software and Affected Versions: net-snmp versions prior to 5.9.5; net-snmp 5.10 pre-releases prior to 5.10.pre2.

Description: net-snmp is an SNMP application library, tool set and daemon. A specially crafted packet sent to the snmptrapd daemon causes a stack-based buffer overflow, which can crash the daemon (denial of service) and may allow remote code execution. The root cause is that the length of user-supplied data is not validated before the data is copied into a fixed-length buffer on the stack. snmptrapd listens on UDP port 162 by default, and no authentication or user interaction is required to reach the vulnerable code path. There is no mitigation other than upgrading or firewalling the ports snmptrapd listens on.

Recommendations: Upgrade to net-snmp 5.9.5 or later on the 5.9 branch, or to 5.10.pre2 or later on the 5.10 pre-release branch. Restrict access to snmptrapd to trusted networks (trap senders only). Ensure that SNMP ports, in particular UDP/162 for snmptrapd, are not exposed to public networks.
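The bug class described above (a length taken from the packet and used for a copy into a fixed-size stack buffer without a bounds check) is shown here as an added, constructed example. This is not net-snmp code and does not reproduce the actual snmptrapd code path; the message layout (a 2-byte big-endian length followed by that many bytes), the buffer size FIELD_MAX and the function names are assumptions for illustration. The unchecked variant is kept only to make the missing check visible and must not be called with an oversized declared length.

```c
/* Constructed demonstration of an unchecked-length copy into a stack buffer
 * next to its hardened form. Not net-snmp code; layout and names are assumed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FIELD_MAX 32   /* assumed fixed-length stack buffer size */

/* Read the declared payload length from the 2-byte big-endian header.
 * Returns -1 if the packet is too short to hold the header at all. */
static int declared_len(const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < 2) return -1;
    return (pkt[0] << 8) | pkt[1];
}

/* VULNERABLE pattern: the declared length is trusted. If it exceeds
 * FIELD_MAX, memcpy writes past 'field' on the stack (the overflow the
 * advisory describes). Shown for contrast only; do not call with len > FIELD_MAX. */
int handle_field_unchecked(const uint8_t *pkt, size_t pkt_len) {
    char field[FIELD_MAX];
    int len = declared_len(pkt, pkt_len);
    if (len < 0) return -1;
    memcpy(field, pkt + 2, (size_t)len);   /* no comparison against sizeof field */
    return len;
}

/* HARDENED pattern: reject the packet if the declared length exceeds either
 * the bytes actually received (truncated packet) or the destination buffer. */
int handle_field_checked(const uint8_t *pkt, size_t pkt_len) {
    char field[FIELD_MAX];
    int len = declared_len(pkt, pkt_len);
    if (len < 0) return -1;
    if ((size_t)len > pkt_len - 2) return -2;     /* claims more than was received */
    if ((size_t)len > sizeof field) return -3;    /* would overflow the stack buffer */
    memcpy(field, pkt + 2, (size_t)len);
    return len;                                   /* bytes safely copied */
}

/* Build a constructed test packet: 'declared' goes into the header, 'payload'
 * bytes of 'fill' follow. Returns the total packet size, or 0 if it does not fit. */
size_t build_packet(uint8_t *out, size_t out_cap, uint16_t declared,
                    size_t payload, uint8_t fill) {
    if (out_cap < 2 + payload) return 0;
    out[0] = (uint8_t)(declared >> 8);
    out[1] = (uint8_t)(declared & 0xff);
    memset(out + 2, fill, payload);
    return 2 + payload;
}

int main(void) {
    uint8_t pkt[512];
    size_t n;

    n = build_packet(pkt, sizeof pkt, 16, 16, 'A');
    printf("benign 16-byte field: checked=%d unchecked=%d\n",
           handle_field_checked(pkt, n), handle_field_unchecked(pkt, n));

    /* Oversized declared length with matching payload: the hardened handler
     * refuses it; the unchecked one would smash the stack, so it is not called. */
    n = build_packet(pkt, sizeof pkt, 200, 200, 'A');
    printf("200-byte field: checked=%d (rejected)\n", handle_field_checked(pkt, n));

    /* Declared length larger than the bytes received: caught by the first check. */
    n = build_packet(pkt, sizeof pkt, 200, 10, 'A');
    printf("truncated packet: checked=%d (rejected)\n", handle_field_checked(pkt, n));
    return 0;
}
```

The two checks in handle_field_checked are the minimum a packet parser needs before any copy: the declared length against what was actually received, and then against the destination size. Either one missing leaves an out-of-bounds read or write reachable from an unauthenticated UDP datagram, which is what makes a listener such as snmptrapd on UDP/162 a network-reachable, pre-auth target.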

Tags: Exploit · Fix · RCE · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:0668
ALSA-2026:0696
ALSA-2026:0750
AZL-72901
AZL-73175
BDU:2025-16314
CVE-2025-68615
DLA-4430-1
GHSA-4389-RWQF-Q9GQ
MGASA-2026-0008
OESA-2026-1227
OPENSUSE-SU-2026:10157-1
OPENSUSE-SU-2026:20383-1
RHSA-2026:0668
RHSA-2026:0696
RHSA-2026:0750
RHSA-2026:0810
RHSA-2026:0812
RHSA-2026:0813
RHSA-2026:0814
RHSA-2026:0815
RHSA-2026:0850
RHSA-2026:0851
RHSA-2026:0852
RHSA-2026:0853
RHSA-2026:0926
SUSE-SU-2026:0195-1
SUSE-SU-2026:0225-1
SUSE-SU-2026:0227-1
SUSE-SU-2026:0227-2
SUSE-SU-2026:0228-1
SUSE-SU-2026:20267-1
SUSE-SU-2026:20359-1
SUSE-SU-2026:20751-1
SUSE-SU-2026:20901-1
USN-7944-1
ZDI-25-1181

Affected Products

Debian
Linuxmint
Red Os
Rocky Linux
Ubuntu
Net-Snmp