CVE-2025-68920 HIGH

CVE-2025-68920

Vendor Kermitproject
Product C-Kermit
Weakness CWE-862 · Missing authorization
Published December 24, 2025
Last update December 24, 2025

CVSS base score

8.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 24, 2025 Record updated