CVE-2025-68468 — Vulnetix

CVE-2025-68468 PUBLISHED CVSS 6.5 MEDIUM

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they expire avahi-daemon crashes.

EPSS 0.02% · 4.9th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.02%

4.9th percentile

Affected Products

Vendor	Product	Versions
avahi	avahi	<= 0.9-rc2, 0, 0.9

Timeline

Dec 18, 2025 CVE ID Reserved
Jan 12, 2026 CVE Published
Jan 12, 2026 CVE Updated
Jan 13, 2026 EPSS Score
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 20, 2026 PoC Published
Jan 22, 2026 EPSS Score
Jan 25, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 3, 2026 EPSS Score

References

https://github.com/avahi/avahi/security/advisories/GHSA-cp79-r4x9-vf52 url
https://github.com/avahi/avahi/issues/683 url
https://github.com/avahi/avahi/commit/f66be13d7f31a3ef806d226bf8b67240179d309a url

Open in Interactive Console →