Buffer Overflow Vulnerability in Filebeat Syslog Parser by Elastic
CVE-2025-68383

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Filebeat
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-68383?

A vulnerability exists within the Filebeat Syslog parser and the Libbeat Dissect processor that stems from improper validation techniques. This issue can be exploited by sending a specially crafted Syslog message or using a malicious tokenizer pattern in the Dissect configuration. Successful exploitation may lead to a buffer overflow, resulting in a denial of service condition, where the Filebeat process may crash or panic, compromising system availability.

Affected Version(s)

Filebeat 7.0.0 <= 7.17.29

Filebeat 8.0.0 <= 8.19.8

Filebeat 9.0.0 <= 9.1.8

References

https://discuss.elastic.co/t/filebeat-8-19-9-9-1-9-and-9-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Dec 16, 2025

JSON