CVE-2025-68382

CVE-2025-68382

Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.

Published Dec 19, 2025

discuss.elastic.co

CVSS ScoreMedium

6.5

Vulnerabilities

CVE-2025-68382

Published Dec 19, 2025

discuss.elastic.co

CVSS ScoreMedium

6.5

CVE-2025-68382 Security Details

CVE ID: CVE-2025-68382
CWE: CWE-125
CVE Description: Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.
Published: Dec 19, 2025
CVSS Score & Severity: 6.5Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.059%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: discuss.elastic.coPROJECT

CVE-2025-68382 Security Details

CVE ID: CVE-2025-68382
CWE: CWE-125
CVE Description: Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.
Published: Dec 19, 2025
CVSS Score & Severity: 6.5Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.059%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: discuss.elastic.coPROJECT

Find vulnerabilities. Fix fast with AI.

CVE-2025-68382

CVE-2025-68382 Security Details

CVE-2025-68382 Security Details