
=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN904
_____________________________________________________________________

DATE                : 26/12/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Net-SNMP versions prior to
                     5.9.5, 5.10.pre2.

=====================================================================
https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
_____________________________________________________________________


Net-SNMP snmptrapd vulnerability
Critical
hardaker published GHSA-4389-rwqf-q9gq Dec 22, 2025

Package
Net-SNMP

Affected versions
All

Patched versions
5.9.5, 5.10.pre2


Description

Impact

A specially crafted packet sent to a Net-SNMP snmptrapd daemon can
cause a buffer overflow and crash the daemon.


Patches

Users of Net-SNMP's snmptrapd should upgrade immediately to Net-SNMP
5.9.5 or 5.10.pre2.


Other workarounds

SNMP ports should never be open to public networks. There is no
mitigation available other than ensuring that ports to snmptrapd are
appropriately firewalled, or upgrading to the most recent versions
of the Net-SNMP software: 5.9.5 or 5.10.pre2.
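
A triage sketch for the two checks above (added example, not part of the advisory or of Net-SNMP): it classifies a reported version against the patched releases and flags trap listeners bound outside loopback in `ss -H -uln` output. Assumptions: snmptrapd uses its default port 162/udp, pre-release tags order as pre < rc < final, and the version string is upstream's (distribution backports are not detected).

```python
import re

# Constructed sample: `ss -H -uln` output on a hypothetical trap receiver.
SAMPLE_SS = """\
UNCONN 0 0 127.0.0.1:161 0.0.0.0:*
UNCONN 0 0 0.0.0.0:162 0.0.0.0:*
UNCONN 0 0 [::1]:162 [::]:*
"""
STAGE = {"pre": 0, "rc": 1}  # assumed ordering: pre < rc < final release

def version_key(version):
    """Turn '5.9.4', '5.9.5.rc1' or '5.10.pre2' into a sortable tuple."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:\.(pre|rc)(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Net-SNMP version: {version!r}")
    nums = [int(n) for n in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # '5.10' compares as 5.10.0
    stage = (STAGE[m.group(2)], int(m.group(3))) if m.group(2) else (2, 0)
    return tuple(nums), stage

def is_patched(version):
    """True if version is at or past the fixed release of its branch."""
    key = version_key(version)
    # 5.9.x and older are fixed in 5.9.5; the 5.10 line in 5.10.pre2.
    fixed = "5.9.5" if key[0][:2] <= (5, 9) else "5.10.pre2"
    return key >= version_key(fixed)

def exposed_trap_listeners(ss_output, port=162):
    """Return non-loopback local addresses bound to the trap port.

    port=162 is snmptrapd's default (assumption: default port in use).
    """
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, _, lport = fields[3].rpartition(":")
        loopback = addr.startswith("127.") or addr.strip("[]") == "::1"
        if lport == str(port) and not loopback:
            hits.append(addr)
    return hits

if __name__ == "__main__":
    for v in ("5.9.4", "5.9.5", "5.10.pre1", "5.10.pre2"):
        print(v, "patched" if is_patched(v) else "VULNERABLE")
    print("exposed:", exposed_trap_listeners(SAMPLE_SS))
```

A wildcard bind reported here still needs a firewall check: the listener may be reachable only from management networks.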


CVE Identifier

This has been assigned a CVE identifier of CVE-2025-68615.


Credits

This vulnerability was discovered by:
buddurid working with Trend Micro Zero Day Initiative

Severity
Critical
9.8 / 10

CVSS v3 base metrics
Attack vector       : Network
Attack complexity   : Low
Privileges required : None
User interaction    : None
Scope               : Unchanged
Confidentiality     : High
Integrity           : High
Availability        : High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE ID
CVE-2025-68615

Weaknesses
No CWEs


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




