Platform: unix
Component: ckermit
Fixed in: 10.0.1
CVE-2025-68920 affects C-Kermit, a file transfer and terminal emulation program. This vulnerability enables a remote Kermit system to gain unauthorized access to files on the local system, potentially leading to data breaches or system compromise. Versions 7 through 10.0 Beta.12 (specifically, ckermit versions prior to commit 244644d) are vulnerable. A fix is available in version 244644d.
The arbitrary file access vulnerability in C-Kermit poses a significant risk. An attacker controlling a remote Kermit system can exploit this flaw to overwrite critical system files, potentially leading to denial of service or complete system takeover. Alternatively, the attacker could retrieve sensitive data stored on the local system, including configuration files, user credentials, or proprietary information. The blast radius extends to any system running a vulnerable version of C-Kermit and accessible via a Kermit connection. While no direct precedent exists mirroring this exact vulnerability, the potential for remote file manipulation shares similarities with other file access vulnerabilities that have led to significant data breaches and system compromises.
CVE-2025-68920 was published on December 24, 2025. The vulnerability's exploitation probability is currently assessed as medium, given the relatively niche nature of C-Kermit and the need for a remote Kermit connection. No public proof-of-concept exploits are currently known. The vulnerability is not listed on KEV or EPSS as of this writing. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Exploit status
EPSS: 0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-68920 is to upgrade C-Kermit to version 244644d or later. If immediate upgrading is not feasible due to compatibility concerns or system downtime requirements, consider implementing temporary workarounds. Restrict Kermit access to trusted networks and systems only. Implement strict file access controls on the affected system to limit the potential impact of a successful exploit. Monitor Kermit connections for suspicious activity. After upgrading to version 244644d, verify the fix by attempting a file transfer from a remote Kermit system and confirming that file access is restricted to authorized locations.
Upgrade C-Kermit to a version later than 244644d or to a more recent stable release. This fixes the vulnerability that allows unauthorized files to be overwritten or retrieved. See the release notes and the KermitProject repository for more details on the update.
It's a vulnerability in C-Kermit allowing remote Kermit systems to read or overwrite files on your system.
If you're using C-Kermit versions 7 through 10.0 Beta.12 (prior to 244644d), you are potentially affected.
Upgrade C-Kermit to version 244644d or later to resolve this arbitrary file access vulnerability.
No public exploits are currently known, but monitor for updates and advisories.
Refer to the official C-Kermit documentation and security advisories for further information.