Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-65942

Good to know:

icon
icon

Date: November 25, 2025

VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest limits. This issue has been patched in versions 1.110.23, 1.122.8, and 1.129.1.

Severity Score

Related Resources (8)

https://github.com/VictoriaMetrics/VictoriaMetrics/security/advisories/GHSA-66jq-2c23-2xh5
https://github.com/VictoriaMetrics/VictoriaMetrics/commit/51b44afd34d2c9a392d4ebedeeb5b4a7f5beca24
https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.122.8
https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.129.1
https://nvd.nist.gov/vuln/detail/CVE-2025-65942
https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.110.23
https://github.com/VictoriaMetrics/VictoriaMetrics
https://www.mend.io/vulnerability-database/CVE-2025-65942

Severity Score

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

icon

Upgrade Version

Upgrade to version github.com/VictoriaMetrics/VictoriaMetrics - v1.129.1;github.com/VictoriaMetrics/VictoriaMetrics - v1.122.8;github.com/VictoriaMetrics/VictoriaMetrics - v1.110.23;https://github.com/VictoriaMetrics/VictoriaMetrics.git - v1.110.23;https://github.com/VictoriaMetrics/VictoriaMetrics.git - v1.122.8;https://github.com/VictoriaMetrics/VictoriaMetrics.git - v1.129.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW

Do you need more information?

Contact Us