**Critical Net-SNMP Vulnerability (CVE-2025-68615) Enables RCE and DoS Attacks**
On December 24, 2025, a critical vulnerability (CVE-2025-68615) was disclosed in Net-SNMP, a widely used open-source suite for network monitoring and management. The flaw, rated 9.8 on the CVSS scale, affects the snmptrapd daemon, which processes SNMP trap messages from network devices.
Discovered by security researcher buddurid in collaboration with the Trend Micro Zero Day Initiative (ZDI), the vulnerability stems from a buffer overflow triggered by a specially crafted packet. While the advisory confirms the flaw can crash the daemon—resulting in a denial-of-service (DoS)—its high severity suggests potential for remote code execution (RCE) if exploited by skilled attackers.
Net-SNMP is a foundational tool for monitoring servers, routers, and switches, supporting SNMP v1, v2c, v3, AgentX, IPv4, IPv6, and Unix sockets. The vulnerability specifically impacts snmptrapd, which listens on UDP port 162 by default. If that port is exposed to the internet, the daemon can be reached, and attacked, from anywhere.
Patches are available in Net-SNMP 5.9.5 and 5.10.pre2. The advisory warns that no mitigations exist beyond firewalling the service, recommending administrators restrict access to trusted internal IPs only. Organizations relying on Net-SNMP for network management are urged to apply updates immediately to prevent exploitation.
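A host-side check for the two actions above, added here as an example (it is not code from the advisory or from the Net-SNMP project): it compares a Net-SNMP version string against the fixed releases 5.9.5 and 5.10.pre2 and lists non-loopback UDP 162 listeners found in `ss -H -lun` output. It assumes every release older than the fixed ones is affected; the function names and the sample output are constructed for illustration.

```python
import ipaddress
import re

TRAP_PORT = "162"                      # snmptrapd default UDP port, per the advisory
STAGE = {"pre": 0, "rc": 1, None: 2}   # pre-release < release candidate < final

def version_key(version):
    """Turn '5.9.4', '5.10.pre2' or '5.9.5.rc1' into a sortable tuple."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:\.(pre|rc)(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Net-SNMP version: {version!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    return (*nums[:4], STAGE[m.group(2)], int(m.group(3) or 0))

def is_patched(version):
    """True if the version is at or after the fixed release of its branch.

    Assumption (not stated on the page): all older releases are affected.
    """
    key = version_key(version)
    fixed = "5.9.5" if key[:2] <= (5, 9) else "5.10.pre2"
    return key >= version_key(fixed)

def exposed_trap_listeners(ss_output):
    """Return non-loopback addresses bound to UDP 162 in `ss -H -lun` output."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[3].rpartition(":")
        if port != TRAP_PORT:
            continue
        addr = addr.split("%")[0].strip("[]")   # drop %iface scope and [] around IPv6
        if addr == "*" or not ipaddress.ip_address(addr).is_loopback:
            exposed.append(addr)                # reachable unless a firewall filters it
    return exposed

# Constructed sample of `ss -H -lun` output, not captured from a real host.
SAMPLE_SS = """\
UNCONN 0 0 0.0.0.0:162 0.0.0.0:*
UNCONN 0 0 127.0.0.1:161 0.0.0.0:*
UNCONN 0 0 [::1]:162 [::]:*
UNCONN 0 0 10.20.0.5:162 0.0.0.0:*
"""

if __name__ == "__main__":
    print("patched:", is_patched("5.9.4"))
    print("exposed:", exposed_trap_listeners(SAMPLE_SS))
```

A listener reported here is only bound to a reachable address; whether it is actually filtered depends on the host and network firewall rules in front of it.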
Source: https://www.redhotcyber.com/en/post/critical-net-snmp-vulnerability-exposes-networks-to-rce-attacks/
Net-Monitor Ltd. cybersecurity rating report: https://www.rankiteo.com/company/net-monitor