Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Critical Net-SNMP Vulnerability Exposes Networks to RCE Attacks

24 December 2025 08:44

A critical vulnerability has been discovered in the Net-SNMP software suite, widely used globally for network management and monitoring. The flaw, classified as CVE-2025-68615, has a CVSS score of 9.8, near the maximum, indicating a high risk for organizations using the snmptrapd service.

The vulnerability was discovered by security researcher buddurid, in collaboration with the Trend Micro Zero Day Initiative (ZDI). The vulnerability, a classic buffer overflow, allows an attacker to crash the daemon, and potentially cause further damage, simply by sending a specially crafted packet.

Recall that Net-SNMP is a fundamental component of network administration, supporting a wide range of protocols (SNMP v1, v2c, v3, AgentX) and transport modes (IPv4, IPv6, Unix sockets). It is the backbone of server, router, and switch monitoring for many organizations.

Net-SNMP maintainers have released patched versions to address this issue. Users are strongly advised to immediately update their installations to:

  • Net-SNMP 5.9.5
  • Net-SNMP 5.10.pre2

According to the issued advisory, the flaw is triggered by a “specially crafted packet.” When the daemon attempts to process this malicious input, it triggers a buffer overflow. While the advisory explicitly states that this causes the daemon to crash, resulting in a denial of service (DoS), a CVSS score of 9.8 generally suggests the possibility of more serious consequences, such as remote code execution (RCE), if the overflow is skillfully exploited.

“There is no mitigation available other than ensuring the ports to snmptrapd are properly firewalled,” the report states. The vulnerability resides specifically in the snmptrapd daemon, the component responsible for receiving and processing SNMP trap messages (alerts sent by network devices).

If the snmptrapd listener is exposed to the Internet, it is vulnerable to attacks from anywhere in the world.

Administrators are advised to ensure that UDP port 162, which is used by default for SNMP traps, is strictly protected by firewalls and accessible only from trusted, internal IP addresses intended for management.
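To check which hosts depend on that firewall rule, the following added example (not taken from the advisory or from Net-SNMP) lists UDP listeners on port 162 that are bound beyond loopback. It assumes a Linux host with the iproute2 `ss` tool; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): list UDP listeners on the SNMP trap
# port that are reachable beyond loopback and so depend on the firewall.
TRAP_PORT=162   # default trap port named in the article

# Reads `ss -H -lun` text on stdin; prints "<scope> <local-address>" for each
# listener on TRAP_PORT that is not bound to loopback only.
exposed_trap_listeners() {
    awk -v port="$TRAP_PORT" '
    {
        # Local address = first field containing a colon, which holds with
        # or without the leading Netid column.
        local_addr = ""
        for (i = 1; i <= NF; i++) if (index($i, ":")) { local_addr = $i; break }
        if (local_addr == "") next

        # Split at the LAST colon so IPv6 literals stay intact.
        n = length(local_addr)
        while (n > 0 && substr(local_addr, n, 1) != ":") n--
        addr = substr(local_addr, 1, n - 1)
        if (substr(local_addr, n + 1) != port) next

        sub(/%.*$/, "", addr)    # drop an interface scope such as %eth0
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next

        if (addr == "0.0.0.0" || addr == "[::]" || addr == "::" || addr == "*")
            scope = "ALL-INTERFACES"
        else
            scope = "SINGLE-ADDRESS"
        print scope, local_addr
    }'
}

# Constructed sample of `ss -H -lun` output, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
UNCONN 0 0      0.0.0.0:162    0.0.0.0:*
UNCONN 0 0    127.0.0.1:162    0.0.0.0:*
UNCONN 0 0   192.0.2.10:162    0.0.0.0:*
UNCONN 0 0         [::]:162       [::]:*
UNCONN 0 0        [::1]:162       [::]:*
UNCONN 0 0      0.0.0.0:161    0.0.0.0:*
EOF
}

# Live use on a host: ss -H -lun | exposed_trap_listeners
sample_ss_output | exposed_trap_listeners
```

Any line this prints is a socket that a packet from another host can reach unless a firewall rule in front of it restricts the source addresses.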

Redazione

The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.