VDB

CVE-2025-68388

CVE-2025-68388 PUBLISHED CVSS 5.300000190734863 MEDIUM

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.

EPSS 0.13% · 31.9th percentile

Risk Scores

CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.13%
31.9th percentile

Affected Products

VendorProductVersions
elasticsearchpacketbeat8.6.0, 9.0.0, 9.2.0
ElasticPacketbeat9.2.0, 8.6.0, 9.0.0
github.comelastic/beats/v70, 0
github.comelastic/beats8.6.0, 9.0.0, 9.2.0

Timeline

  • Dec 16, 2025 CVE ID Reserved
  • Dec 18, 2025 CVE Published
  • Dec 19, 2025 EPSS Score
  • Dec 19, 2025 PoC Published
  • Dec 20, 2025 CVE Updated
  • Dec 23, 2025 EPSS Score
  • Dec 27, 2025 EPSS Score
  • Dec 30, 2025 EPSS Score
  • Jan 3, 2026 EPSS Score
  • Jan 7, 2026 EPSS Score
  • Jan 11, 2026 EPSS Score
  • Jan 15, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›