Advisory

Critical buffer overflow flaw reported in Net-SNMP

Take action: If you are running Net-SNMP, make sure the system is isolated from the internet and only accessible from trusted networks. Immediately update to version 5.9.5 or later.


Learn More

Net-SNMP maintainers are reporting a critical vulnerability that allows remote attackers to trigger service crashes and potentially achieve remote code execution.

The flaw is tracked as CVE-2025-68615 (CVSS score 9.8), a buffer overflow vulnerability in the snmptrapd daemon. The service improperly handles and validates specific fields within incoming SNMP trap packets. When an attacker sends a crafted SNMP trap message with malformed fields or oversized data sections to a vulnerable snmptrapd instance, the daemon fails to validate the packet's size or content correctly and memory boundaries are overwritten. The result can be a denial of service or, at worst, complete system compromise.

Affected versions are all Net-SNMP Community Edition and Enterprise Edition releases prior to version 5.9.5, as well as all development versions prior to 5.10.pre2. 

The vulnerability is most dangerous for any internet-accessible instance running on the default UDP port 162. Organizations can verify their current Net-SNMP version to determine if they are running vulnerable software that requires immediate attention.
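As an added example (not part of the advisory or of the Net-SNMP project), the following POSIX shell check reads the installed version and applies the affected ranges stated above: releases before 5.9.5 and development builds before 5.10.pre2. It assumes that either `net-snmp-config --version` or `snmptrapd -v` is available to report the version; the comparison itself accepts any version string.

```shell
#!/bin/sh
# Added example, not from the advisory: compare an installed Net-SNMP version
# against the fixed versions it names (5.9.5 for releases, 5.10.pre2 for
# development builds) and report whether the host is in the affected range.

# Map "MAJOR.MINOR[.PATCH][.preN]" to one integer so versions compare with -lt.
# A final release gets pre=99 so that "5.9.5.pre1" sorts before "5.9.5".
netsnmp_version_key() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}; pre=99
    case $patch in pre*) pre=${patch#pre}; patch=0 ;; esac
    case ${4:-} in pre*) pre=${4#pre} ;; esac
    echo $(( major * 100000000 + minor * 100000 + patch * 100 + pre ))
}

# Returns 0 (true) when the version is affected by CVE-2025-68615:
# any release before 5.9.5, or any 5.10 development build before 5.10.pre2.
netsnmp_is_vulnerable() {
    key=$(netsnmp_version_key "$1")
    if [ "$key" -lt "$(netsnmp_version_key 5.9.5)" ]; then return 0; fi
    if [ "$key" -ge "$(netsnmp_version_key 5.10.pre1)" ] &&
       [ "$key" -lt "$(netsnmp_version_key 5.10.pre2)" ]; then return 0; fi
    return 1
}

# Read the installed version. Assumption: net-snmp-config --version prints the
# bare version, and snmptrapd -v prints a line like "NET-SNMP version:  5.9.4".
netsnmp_installed_version() {
    if command -v net-snmp-config >/dev/null 2>&1; then
        net-snmp-config --version
    elif command -v snmptrapd >/dev/null 2>&1; then
        snmptrapd -v 2>&1 | sed -n 's/.*version:[[:space:]]*//p' | head -n 1
    else
        return 1
    fi
}

if ver=$(netsnmp_installed_version) && [ -n "$ver" ]; then
    if netsnmp_is_vulnerable "$ver"; then
        echo "Net-SNMP $ver is affected by CVE-2025-68615: update to 5.9.5 or later"
    else
        echo "Net-SNMP $ver is outside the affected range"
    fi
else
    echo "Net-SNMP not found on this host"
fi
```

Pre-release builds of an unfixed release (for example 5.9.5.pre1) are deliberately treated as affected, since they predate the fixed release.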
