VDB
CVE-2025-65942
CVE-2025-65942
PUBLISHED
CVSS 2.700000047683716 LOW
VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM
EPSS 0.07% · 21.2th percentile
Risk Scores
CVSS v3.1
2.700000047683716
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.07%
21.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | VictoriaMetrics/VictoriaMetrics | 1.111.0, 1.0.0, 1.123.0 |
| VictoriaMetrics | VictoriaMetrics | >= 1.0.0, < 1.110.23, >= 1.111.0, < 1.122.8, >= 1.123.0, < 1.129.1 |
Timeline
- Nov 25, 2025 CVE Published
- Nov 26, 2025 EPSS Score
- Nov 26, 2025 PoC Published
- Dec 1, 2025 EPSS Score
- Dec 5, 2025 EPSS Score
- Dec 10, 2025 EPSS Score
- Dec 14, 2025 EPSS Score
- Dec 17, 2025 CVE Updated
- Dec 19, 2025 EPSS Score
- Dec 24, 2025 EPSS Score
- Dec 28, 2025 EPSS Score
- Jan 2, 2026 EPSS Score
References
- https://github.com/VictoriaMetrics/VictoriaMetrics/security/advisories/GHSA-66jq-2c23-2xh5 url
- https://github.com/VictoriaMetrics/VictoriaMetrics/commit/51b44afd34d2c9a392d4ebedeeb5b4a7f5beca24 url
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.110.23 url
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.122.8 url
- https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.129.1 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-65942 advisory
- https://github.com/VictoriaMetrics/VictoriaMetrics package