File Overwrite Vulnerability in C-Kermit by Kermit Project
CVE-2025-68920

8.9HIGH

Key Information:

Vendor: Kermitproject
Status: C-kermit
Vendor: CVE Published:; 24 December 2025

🔔 Create Kermitproject Vulnerability Alert

What is CVE-2025-68920?

C-Kermit, a communication software, is susceptible to a vulnerability that allows a remote Kermit system to manipulate files on a local machine. This exploitation could lead to unauthorized file overwrites or the retrieval of sensitive local files, posing significant risks to users' data integrity and confidentiality. Users of C-Kermit versions up to 10.0 Beta.12 must take caution and consider updating to address this security issue.

Affected Version(s)

C-Kermit 7 <= 10.0 Beta.12

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123025

https://github.com/KermitProject/ckermit/pull/20

https://www.kermitproject.org/ftp/kermit/test/tar/

CVSS V3.1

Score:

8.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2025
Vulnerability Reserved
Dec 24, 2025

JSON