CVE-2025-68615: Critical Net-SNMP Snmptrapd Flaw

A newly disclosed security issue in the Net-SNMP software suite has raised serious concerns for organizations that rely on the protocol to monitor and manage network infrastructure. The vulnerability, identified as CVE-2025-68615, affects a core component of Net-SNMP and could allow remote attackers to crash critical services or potentially gain deeper control over affected systems. 

Net-SNMP is a widely used implementation of the Simple Network Management Protocol (SNMP), commonly deployed across enterprise and service provider environments. It is used to monitor and manage routers, switches, servers, and other network-connected devices. Because of its widespread adoption, vulnerabilities within Net-SNMP often have broad implications, and CVE-2025-68615 is no exception. 

According to advisories published on GitHub, the flaw exists in the snmptrapd daemon, the background service that receives and processes SNMP trap messages, listening by default on UDP port 162. Trap messages are unsolicited alerts sent by devices to notify administrators of specific events, so the daemon must accept packets from any device that can reach it. In the case of CVE-2025-68615, the daemon mishandles an incoming packet, creating an opportunity for exploitation.

Buffer Overflow in snmptrapd Enables Denial of Service (CVE-2025-68615) 

The GitHub advisory explains that a threat actor can exploit this issue by sending a “specially crafted packet” to a vulnerable snmptrapd instance. When the daemon attempts to process the malformed data, a buffer overflow occurs. As described in the advisory, this condition causes the daemon to crash, resulting in a denial-of-service scenario. 

The official description states: “A specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash.” While a service crash is the most immediate effect, the underlying vulnerability presents a broader security risk. 

CVE-2025-68615 has been assigned a Common Vulnerability Scoring System (CVSS) score of 9.8, classifying it as Critical. The CVSS metrics indicate a “High” impact on confidentiality, integrity, and availability, and a 9.8 corresponds to an attack that is reachable over the network, low in complexity, and requires neither privileges nor user interaction. The advisory itself documents only the crash; the High confidentiality and integrity ratings reflect an assessment of what a buffer overflow in network-facing parsing code could be developed into, not a published exploit.


Memory-corruption flaws of this kind can sometimes be taken beyond a crash to remote code execution, which here would mean compromise of the monitoring host without authentication or user interaction. The risk is heightened because snmptrapd is designed to accept traffic from the network and is frequently started as root; Net-SNMP’s snmptrapd can drop to an unprivileged user and group after binding its port (the -u and -g options), which limits what a successful exploit would inherit.

Patch Availability and Recommended Mitigations 

The vulnerability was discovered by buddurid, working in collaboration with the Trend Micro Zero Day Initiative. Following responsible disclosure, the Net-SNMP maintainers issued fixes and published details through a GitHub Security Advisory tracked as GHSA-4389-rwqf-q9gq.

According to the advisory, all versions of Net-SNMP are affected. The issue has been resolved in Net-SNMP versions 5.9.5 and 5.10.pre2, and administrators running the snmptrapd daemon are urged to upgrade immediately. The advisory notes: “Users of Net-SNMP’s snmptrapd should upgrade immediately to Net-SNMP 5.9.5 or 5.10.pre2.”

For organizations unable to deploy patches immediately, the advisory outlines limited workaround options. Network segmentation remains the primary defense. SNMP ports should never be exposed to the public internet, and firewall rules should block external access to the snmptrapd port (UDP 162 by default), ideally allowing only the devices and collectors that legitimately send traps. The advisory emphasizes that there is no mitigation other than upgrading or ensuring the service is properly firewalled.
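The upgrade and firewall guidance above can be turned into a quick host check. The POSIX shell script below is an added example, not code from the advisory or the Net-SNMP project: it classifies a Net-SNMP version string against the two fixed releases (handling the 5.9 and 5.10 lines separately, since 5.10.pre1 is numerically newer than 5.9.5 but still affected), optionally reads the local version with `net-snmp-config --version`, looks for a listener on the default trap port 162/udp with `ss`, and prints nftables rules that limit that port to one trusted collector network. The `inet filter` table and `input` chain in those rules, the `--local` flag, and the 10.0.0.0/8 network are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the GHSA advisory or the Net-SNMP project): check a
# Net-SNMP version against the CVE-2025-68615 fix and restrict the trap port.
# Fixed releases per GHSA-4389-rwqf-q9gq: 5.9.5 and 5.10.pre2; every other
# version (5.8.x and earlier, 5.9.0-5.9.4, 5.10.pre1) is treated as affected.

# Print "MAJOR MINOR PATCH PRE" for a version string. PRE is the pre-release
# number, or 99 for a final release, so 5.10.pre2 sorts below 5.10 but above
# 5.10.pre1. Accepts "5.9.4", distro-suffixed "5.9.4-1", and pasted tool
# output such as "NET-SNMP version:  5.9.4".
netsnmp_version_key() {
    v=${1##*:}
    v=$(printf '%s' "$v" | tr -d ' ')
    major=${v%%.*}; rest=${v#"$major"}; rest=${rest#.}
    minor=${rest%%.*}; rest=${rest#"$minor"}; rest=${rest#.}
    patch=0; pre=99
    case "$rest" in
        '')      ;;
        pre*)    pre=${rest#pre} ;;
        *.pre*)  patch=${rest%%.*}; pre=${rest##*.pre} ;;
        *)       patch=$rest ;;
    esac
    patch=${patch%%[!0-9]*}; pre=${pre%%[!0-9]*}   # drop "-1ubuntu2" style suffixes
    printf '%s %s %s %s\n' "${major:-0}" "${minor:-0}" "${patch:-0}" "${pre:-0}"
}

# Exit 0 if version $1 is at least version $2, comparing the four key fields numerically.
netsnmp_version_ge() {
    a=$(netsnmp_version_key "$1"); b=$(netsnmp_version_key "$2")
    set -- $a $b    # $1-$4 are the fields of a, $5-$8 the fields of b
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        x=${pair%%:*}; y=${pair#*:}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Exit 0 when the version carries the snmptrapd fix, 1 when it is affected.
# The two fixed lines are disjoint: 5.9.x from 5.9.5 and 5.10 from 5.10.pre2,
# so a 5.9 version must also be below 5.10.pre1 to count as fixed.
netsnmp_fixed() {
    if netsnmp_version_ge "$1" "5.10.pre2"; then return 0; fi
    if netsnmp_version_ge "$1" "5.9.5" && ! netsnmp_version_ge "$1" "5.10.pre1"; then return 0; fi
    return 1
}

# Emit nftables commands (assumed "inet filter" table with an "input" chain)
# that accept 162/udp only from one trusted collector network and drop the rest.
netsnmp_nft_rules() {
    printf 'nft add rule inet filter input ip saddr %s udp dport 162 accept\n' "$1"
    printf 'nft add rule inet filter input udp dport 162 drop\n'
}

# Check this host: version from net-snmp-config (ships with Net-SNMP, prints
# only the version string) and whether anything is bound to 162/udp.
netsnmp_check_local() {
    v=$(net-snmp-config --version 2>/dev/null) || { echo "net-snmp-config not on PATH"; return 2; }
    if netsnmp_fixed "$v"; then
        echo "Net-SNMP $v: includes the CVE-2025-68615 fix"
    else
        echo "Net-SNMP $v: affected, upgrade to 5.9.5 or 5.10.pre2"
    fi
    ss -lunp 2>/dev/null | grep ':162 ' || echo "nothing bound to udp/162"
}

# Run the local check only when asked, so the functions can be sourced elsewhere.
case "${1:-}" in --local) netsnmp_check_local ;; esac
```

Run it with `--local` on a monitoring host, or source it and call `netsnmp_fixed` on versions gathered from inventory. It only classifies version strings; distributions frequently backport security fixes without changing the upstream version, so an "affected" result on a vendor package should be confirmed against the package changelog before scheduling an emergency upgrade.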

As details continue to circulate on GitHub and through security channels, organizations using Net-SNMP are encouraged to review their deployments, confirm firewall configurations, and prioritize updates. Given the critical severity of CVE-2025-68615 and the essential role Net-SNMP plays in network monitoring, timely remediation is necessary to reduce the risk of service disruption or system compromise. 
