CVE-2025-68325

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop

In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that the parent qdisc will enqueue the current packet. However, this assumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent qdisc stops enqueuing the current packet, leaving the tree qlen/backlog accounting inconsistent. This mismatch can lead to a NULL dereference (e.g., when the parent Qdisc is qfq_qdisc).

This patch computes the qlen/backlog delta in a more robust way by observing the difference before and after the series of cake_drop() calls, and then compensates the qdisc tree accounting if cake_enqueue() returns NET_XMIT_CN. To ensure correct compensation when ACK thinning is enabled, a new variable is introduced to keep qlen unchanged.
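As an added illustration (not code from the page or from the kernel tree), the following simplified C model reproduces the accounting drift the description refers to and the delta-based compensation it describes. The functions are stand-ins named after their kernel counterparts; the 100-byte packets, 300-byte limit and single-flow assumption are constructed for the model.

```c
/* Simplified model, not kernel code: the qlen/backlog drift behind
 * CVE-2025-68325 and the delta-based compensation the fix describes. */
#include <stdbool.h>
enum { NET_XMIT_SUCCESS = 0, NET_XMIT_CN = 2 };
struct qdisc { int qlen, backlog; struct qdisc *parent; };

/* Stand-in for qdisc_tree_reduce_backlog(): adjust every ancestor. */
static void tree_reduce_backlog(struct qdisc *sch, int n, int len) {
    for (struct qdisc *p = sch->parent; p; p = p->parent) {
        p->qlen -= n;
        p->backlog -= len;
    }
}

/* Stand-in for cake_drop(): evict one queued packet of 'len' bytes.
 * The unfixed version also propagates the drop up the tree at once. */
static void cake_drop(struct qdisc *cake, int len, bool fixed) {
    cake->qlen--;
    cake->backlog -= len;
    if (!fixed)
        tree_reduce_backlog(cake, 1, len);
}

/* Stand-in for cake_enqueue(). All packets belong to one flow, so any
 * overlimit drop hits the current packet's flow and yields NET_XMIT_CN. */
static int cake_enqueue(struct qdisc *cake, int len, int limit, bool fixed) {
    cake->qlen++;
    cake->backlog += len;
    int q0 = cake->qlen, b0 = cake->backlog;   /* before the drop loop */
    if (cake->backlog <= limit)
        return NET_XMIT_SUCCESS;
    while (cake->backlog > limit)
        cake_drop(cake, len, fixed);
    /* Fixed: reduce ancestors by what the drop loop really removed, minus
     * the current packet, which the parent will never add on NET_XMIT_CN. */
    if (fixed)
        tree_reduce_backlog(cake, q0 - cake->qlen - 1, b0 - cake->backlog - len);
    return NET_XMIT_CN;
}

/* Push 'npkts' 100-byte packets through a 300-byte cake whose parent (e.g.
 * qfq) counts a packet only on NET_XMIT_SUCCESS. Returns parent.qlen -
 * cake.qlen; non-zero means the tree accounting has drifted. */
int qlen_drift(int npkts, bool fixed) {
    struct qdisc parent = { 0, 0, 0 }, cake = { 0, 0, &parent };
    for (int i = 0; i < npkts; i++)
        if (cake_enqueue(&cake, 100, 300, fixed) == NET_XMIT_SUCCESS)
            { parent.qlen++; parent.backlog += 100; }
    return parent.qlen - cake.qlen;
}
```

With the unfixed path every overlimit enqueue leaves the parent one packet short, which is the kind of stale parent-side count that can end in the NULL dereference the description mentions; the fixed path keeps parent and child in step.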

Package: Linux Kernel
Published: 2025-12-18
Last modified: 2026-04-15
Patch available: Yes

Affected versions

Linux kernel versions from 5.10.241, 5.15.190, 6.1.149, 6.6.103, 6.12.44, 5.4.297, 6.16.4 and 6.17 onward are affected. Fixed in 5.10.248, 5.15.198, 6.1.160, 6.6.120, 6.12.63, 6.17.13, 6.18.2, 6.19 and their respective stable series.

Affected from: ≥ 5.10.241, ≥ 5.15.190, ≥ 6.1.149, ≥ 6.6.103, ≥ 6.12.44, ≥ 5.4.297, ≥ 6.16.4, ≥ 6.17

Fixed in:

  • 5.10.x: 5.10.248 ✓
  • 5.15.x: 5.15.198 ✓
  • 6.1.x: 6.1.160 ✓
  • 6.6.x: 6.6.120 ✓
  • 6.12.x: 6.12.63 ✓
  • 6.17.x: 6.17.13 ✓
  • 6.18.x: 6.18.2 ✓
  • 6.19 ✓

References

The following references provide additional information about CVE-2025-68325 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2025-68325?

    CVE-2025-68325 is an unscored (no severity rating assigned) Linux kernel vulnerability. It affects Linux kernel versions from 5.10.241 onward and has been patched in 5.10.248, 5.15.198, 6.1.160 and others. CVE-2025-68325 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2025-68325?

    Yes — CVE-2025-68325 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.160 and others. If you are running Linux kernel 5.10.241 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2025-68325 actively exploited?

    No — CVE-2025-68325 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.