VYPR
High severityOSV Advisory· Published Dec 18, 2025· Updated Dec 19, 2025

CVE-2025-68388

CVE-2025-68388

Description

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/elastic/beatsGo
>= 8.6.0, < 8.19.98.19.9
github.com/elastic/beatsGo
>= 9.0.0, < 9.1.99.1.9
github.com/elastic/beatsGo
>= 9.2.0, < 9.2.39.2.3
github.com/elastic/beats/v7Go
< 7.0.0-alpha2.0.20251209162832-28cfc80d2f4e7.0.0-alpha2.0.20251209162832-28cfc80d2f4e

Affected products

82

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.