VYPR
Moderate severityGHSA Advisory· Published Dec 18, 2025· Updated Dec 19, 2025

Filebeat Improper Validation of Specified Index, Position, or Offset in Input

CVE-2025-68383

Description

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/elastic/beats/v7Go
>= 7.7.0, < 8.19.98.19.9
github.com/elastic/beats/v7Go
>= 9.0.0, < 9.1.99.1.9
github.com/elastic/beats/v7Go
>= 9.2.0, < 9.2.39.2.3
github.com/elastic/beats/v7Go
< 7.0.0-alpha2.0.20251204214633-dd3af18220bf7.0.0-alpha2.0.20251204214633-dd3af18220bf
github.com/elastic/beatsGo
<= 7.6.2

Affected products

80

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.