A critical buffer overflow vulnerability in Net-SNMP’s snmptrapd daemon allows remote attackers to crash the service by sending specially crafted packets, potentially disrupting network monitoring operations across enterprise environments.
The flaw, tracked as CVE-2025-68615, affects all versions of Net-SNMP before the recently released patches.
Security researcher Buddurid, working with Trend Micro Zero Day Initiative, discovered the vulnerability and reported it through coordinated disclosure channels.

| Attribute | Details |
|---|---|
| CVE ID | CVE-2025-68615 |
| Package | Net-SNMP |
| Vulnerability Type | Buffer Overflow |
| Severity | Critical |
| CVSS v3.1 Score | 9.8/10 |

The Net-SNMP maintainers, including prominent contributor Wes Hardaker from USC/ISI, promptly addressed the issue with updated releases.
Technical Impact and Severity
The vulnerability has a CVSS v3.1 score of 9.8 out of 10, indicating critical severity. Exploitation requires no authentication, no user interaction, and no special privileges.
The attack vector is network-based, making any exposed snmptrapd instance potentially vulnerable.
According to CVSS metrics, successful exploitation results in complete compromise of the three security pillars: confidentiality, integrity, and availability.
The buffer overflow occurs when snmptrapd processes maliciously crafted SNMP trap packets, causing the daemon to crash and cease network monitoring functions until manually restarted.
All versions of Net-SNMP before the patched releases are vulnerable to this attack. The maintainers have released two patched versions: 5.9.5 and 5.10.pre2.
Organizations running snmptrapd in production environments should prioritize immediate upgrades to these versions to eliminate the attack vector.
Net-SNMP is a fundamental component of network management infrastructure, providing support for the SNMP protocol to monitor devices, collect performance data, and receive trap notifications from network equipment.
The widespread deployment of this library across enterprise networks amplifies the potential impact of this vulnerability.
Security experts emphasize that SNMP ports should never be exposed to public networks under any circumstances.
However, for vulnerable deployments, no effective mitigation beyond immediate patching exists.
Network segmentation and firewall rules restricting snmptrapd access to trusted management networks can reduce exposure, but do not eliminate the vulnerability.
Organizations must upgrade to Net-SNMP 5.9.5 or 5.10.pre2 without delay. The critical nature of this flaw, combined with its network-exploitable characteristics and lack of authentication requirements, demands urgent attention from network administrators and security teams responsible for infrastructure monitoring systems.
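An added example, not from the article or the Net-SNMP project: a version check that classifies hosts against the fixed releases named above (5.9.5 and 5.10.pre2), including pre-release tags. The banner format, the `pre`/`rc` tag ordering, the host names, and the handling of branches other than 5.9 and 5.10 are assumptions of this example.

```python
import re

# Fixed releases named in the article, keyed by release branch.
FIXED = {(5, 9): "5.9.5", (5, 10): "5.10.pre2"}
# Assumed tag ordering: pre < rc < final release.
STAGE = {"pre": 0, "rc": 1}
VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)(?:\.(pre|rc)(\d+))?")


def parse(version):
    """Turn '5.9.4' or '5.10.pre2' into a key that sorts in release order."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised Net-SNMP version: {version!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # '5.10' -> (5, 10, 0)
    stage = (STAGE[m.group(2)], int(m.group(3))) if m.group(2) else (2, 0)
    return nums, stage


def is_patched(version):
    """True if the version is at or past the fixed release of its branch."""
    key = parse(version)
    branch = key[0][:2]
    if branch in FIXED:
        return key >= parse(FIXED[branch])
    # Assumption: branches newer than 5.10 carry the fix; older ones have no fixed release.
    return branch > max(FIXED)


def version_from_banner(text):
    """Pull the version out of a 'NET-SNMP version: X' banner line, or None."""
    m = re.search(r"NET-SNMP version:\s*(\S+)", text, re.IGNORECASE)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed inventory: host name -> version banner collected from that host.
    inventory = {
        "trap-collector-01": "NET-SNMP version:  5.9.4\n",
        "trap-collector-02": "NET-SNMP version:  5.9.5\n",
        "lab-build": "NET-SNMP version:  5.10.pre1\n",
    }
    for host, banner in inventory.items():
        v = version_from_banner(banner)
        print(host, v, "patched" if is_patched(v) else "UPGRADE")
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm an "UPGRADE" result against the vendor's advisory before treating the host as exposed.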
