CVE-2025-67835 Overview
CVE-2025-67835 is a Denial-of-Service (DoS) vulnerability affecting Paessler PRTG Network Monitor versions prior to 25.4.114. The vulnerability exists in the Notification Contacts functionality and can be exploited by an authenticated attacker over the network to disrupt service availability. This vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption), indicating that the affected component fails to properly limit resource utilization during request processing.
Critical Impact
An authenticated, low-privileged user can trigger a denial-of-service condition through the Notification Contacts functionality. The impact is confined to availability, but because the PRTG core server is the point from which sensors, alerts, and notifications are driven, an outage of its web interface or core service leaves the organization without monitoring and alerting for as long as the condition persists.
Affected Products
- Paessler PRTG Network Monitor versions prior to 25.4.114
Discovery Timeline
- January 14, 2026 - CVE-2025-67835 published to NVD
- January 20, 2026 - Last updated in NVD database
Technical Details for CVE-2025-67835
Vulnerability Analysis
This vulnerability resides in the Notification Contacts functionality of Paessler PRTG Network Monitor. The root cause is classified under CWE-400 (Uncontrolled Resource Consumption): the application does not bound the resources it allocates while processing requests to this feature, so an authenticated user can issue requests that consume resources without limit and degrade or deny service. The public NVD description does not spell out the exact request or input that triggers the condition; the mechanism described on this page follows from the CWE classification rather than from published exploit details.
The attack requires network access and low-privilege authenticated access to the PRTG Network Monitor interface. No user interaction is required for exploitation, and the impact is limited to availability—there is no compromise of confidentiality or integrity.
Root Cause
The vulnerability stems from uncontrolled resource consumption (CWE-400) in the Notification Contacts functionality: the application does not enforce a limit on the resources a request to this component may consume. Which resource is exhausted (CPU, memory, threads, or connection handling) is not named in the public description; in practice a CWE-400 condition on a monitoring server shows up as a core server that stops answering the web interface and falls behind on sensor scans.
Attack Vector
The attack is conducted over the network by an authenticated user against the Notification Contacts feature. The attacker needs valid credentials for the PRTG web interface, but only low-privileged ones; no administrative role is required. Once logged in, the attacker sends requests to the Notification Contacts functionality that the server processes without a resource bound. Whether the trigger is a high volume of ordinary requests, an oversized field, or a malformed input is not stated in the public description; these are the usual shapes of a CWE-400 trigger, and none of them is confirmed for this CVE. For the vendor's description of the issue, refer to the Paessler Vulnerabilities Advisory.
Detection Methods for CVE-2025-67835
Indicators of Compromise
- Abnormal resource utilization (CPU, memory) on the PRTG Network Monitor server
- Repeated or rapid requests to the Notification Contacts functionality from single user accounts
- Service unavailability or degraded performance of the PRTG Network Monitor web interface
- Authentication logs showing unusual activity patterns followed by service disruption
Detection Strategies
- Monitor PRTG Network Monitor server resource utilization for sudden spikes in CPU or memory consumption
- Implement logging and alerting for excessive requests to the web-interface paths that serve the Notification Contacts feature (the PRTG web server log is the place to see per-account request rates)
- Review authentication logs for accounts making unusually high volumes of requests to notification-related features
- Deploy application-layer monitoring to detect abnormal request patterns targeting PRTG administrative functions
Monitoring Recommendations
- Enable detailed logging for the Notification Contacts functionality and PRTG administrative actions
- Configure resource monitoring alerts with appropriate thresholds for the PRTG server
- Implement rate limiting on administrative endpoints where possible
- Correlate authentication events with subsequent resource consumption anomalies
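The detection strategies and monitoring recommendations above can be combined into one check: count, per account, the requests to the Notification Contacts page inside a sliding window, and attach any CPU spike on the core server that follows a burst. The script below is an added example for this page, not Paessler's code or a PRTG feature. It assumes the PRTG web server log is available in W3C extended format with the field order shown in the comment, assumes the contacts page is served at the path in CONTACTS_PATHS (replace it with the real path from the advisory), and runs over constructed sample lines and CPU readings embedded in the file.

```python
"""Added detection example for CVE-2025-67835-style abuse of the PRTG web interface:
per-account sliding-window request rate to the Notification Contacts page, correlated
with a CPU spike on the core server. Log layout, path and thresholds are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed W3C extended log field order: date time c-ip cs-username cs-method cs-uri-stem sc-status
CONTACTS_PATHS = ("/myaccount.htm",)   # assumed path of the Notification Contacts page
WINDOW = timedelta(seconds=60)         # sliding window for the per-account request rate
RATE_THRESHOLD = 20                    # contacts-page requests per window that raise an alert
CPU_THRESHOLD = 90.0                   # percent CPU treated as a spike
GRACE = timedelta(seconds=120)         # how long after a burst a CPU spike still counts

# Constructed sample data: alice browses normally, mallory sends 30 POSTs in 30 seconds.
BENIGN = [
    "2026-01-20 09:00:01 10.1.2.3 alice GET /sensors.htm 200",
    "2026-01-20 09:00:02 10.1.2.3 alice GET /myaccount.htm 200",
    "2026-01-20 09:00:40 10.1.2.3 alice POST /myaccount.htm 200",
]
BURST = [f"2026-01-20 09:00:{s:02d} 10.9.9.9 mallory POST /myaccount.htm 200"
         for s in range(5, 35)]
SAMPLE_LOG = BENIGN + BURST
# Constructed CPU samples (timestamp, percent) from host monitoring of the core server.
SAMPLE_CPU = [
    ("2026-01-20 08:59:30", 12.0),
    ("2026-01-20 09:00:30", 97.0),
    ("2026-01-20 09:01:30", 95.0),
    ("2026-01-20 09:05:00", 15.0),
]


def parse_line(line):
    """Return a dict for one request line, or None for comment, blank or malformed lines."""
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 7:
        return None
    try:
        ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return {"ts": ts, "ip": parts[2], "user": parts[3],
            "method": parts[4], "path": parts[5], "status": parts[6]}


def find_bursts(lines, window=WINDOW, threshold=RATE_THRESHOLD):
    """Sliding-window count per account of requests to the contacts page.
    Returns one alert per account whose count reached the threshold, with the
    span of the burst and the highest count seen inside any single window."""
    recent = defaultdict(deque)   # user -> timestamps inside the current window
    alerts = {}
    for line in lines:
        req = parse_line(line)
        if req is None or req["path"] not in CONTACTS_PATHS:
            continue
        q = recent[req["user"]]
        q.append(req["ts"])
        while q and req["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(req["user"], {"user": req["user"], "ip": req["ip"],
                                                 "start": q[0], "end": req["ts"], "count": 0})
            a["end"] = req["ts"]
            a["count"] = max(a["count"], len(q))
    return list(alerts.values())


def correlate_with_cpu(alerts, cpu_samples, cpu_threshold=CPU_THRESHOLD, grace=GRACE):
    """Attach the peak CPU reading seen between a burst's start and its end plus grace."""
    parsed = [(datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), pct) for t, pct in cpu_samples]
    for a in alerts:
        in_range = [pct for t, pct in parsed if a["start"] <= t <= a["end"] + grace]
        peak = max(in_range, default=0.0)
        a["cpu_peak"] = peak
        a["cpu_spike"] = peak >= cpu_threshold
    return alerts


if __name__ == "__main__":
    for a in correlate_with_cpu(find_bursts(SAMPLE_LOG), SAMPLE_CPU):
        print(f"{a['user']} from {a['ip']}: {a['count']} contacts-page requests between "
              f"{a['start'].time()} and {a['end'].time()}, CPU peak {a['cpu_peak']}%"
              f"{' (spike)' if a['cpu_spike'] else ''}")
```

The rate threshold is deliberately per account rather than per source IP: the vulnerability needs a login, so the account is the stable handle even when the attacker rotates addresses. A burst without a CPU spike is still worth a ticket, since the exhausted resource may not be CPU; the correlation only raises the priority when both signals line up.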
How to Mitigate CVE-2025-67835
Immediate Actions Required
- Upgrade Paessler PRTG Network Monitor to version 25.4.114 or later immediately
- Review PRTG user accounts and remove or disable any without a current business need; because the vulnerability is reachable with low-privileged credentials, every active account is a potential trigger, not only administrators
- Monitor for signs of exploitation attempts by reviewing server resource utilization and access logs
- Consider implementing network-level access controls to limit who can reach the PRTG administrative interface
Patch Information
Paessler has released version 25.4.114 which addresses this vulnerability. Organizations should upgrade to this version or later as soon as possible. The official security advisory is available at the Paessler Vulnerabilities Advisory.
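When triaging a fleet of PRTG installations, the only fact to test per host is whether its version string sorts before the fixed release. The following is an added example for this page, not Paessler's code: it parses PRTG-style dotted version strings, compares only the first three components against 25.4.114 (the granularity at which the fix is stated on this page), and reports the hosts that still need the upgrade. The inventory is constructed, the four-part version shape is an assumption about how PRTG reports its build, and the version string itself would in practice be read from each server's status page or API.

```python
"""Added example: flag PRTG core servers whose version is prior to the fixed
release 25.4.114 (from the advisory). Inventory data is constructed; the four-part
version format is an assumption about PRTG's version strings."""
FIXED = (25, 4, 114)


def parse_version(s):
    """'25.4.114.1880' -> (25, 4, 114, 1880). Stops at the first non-numeric
    component so a trailing tag such as '-beta' does not break the compare."""
    parts = []
    for p in s.strip().split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    if len(parts) < 3:
        raise ValueError(f"unrecognised PRTG version string: {s!r}")
    return tuple(parts)


def is_vulnerable(version):
    """True when major.minor.build sorts before the fixed release.
    The fourth component (assumed to be a build counter) is ignored because the
    fix is stated only to three components."""
    return parse_version(version)[:3] < FIXED


INVENTORY = {  # constructed: host -> version string as reported by that server
    "prtg-core-01": "25.3.110.1680",
    "prtg-core-02": "25.4.114.1880",
    "prtg-core-03": "24.4.103.1600",
    "prtg-core-04": "26.1.120.2000",
}


def needs_upgrade(inventory):
    """Sorted list of hosts running a version prior to 25.4.114."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


if __name__ == "__main__":
    for host in needs_upgrade(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is prior to 25.4.114, upgrade required")
```

The parse is strict on purpose: a string that yields fewer than three numeric components raises rather than silently comparing as "fixed", so an unreadable version is surfaced instead of dropped from the upgrade list.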
Workarounds
- Restrict network access to the PRTG web interface using firewall rules, keeping in mind that the vulnerability is reachable by any authenticated user, so the restriction has to cover the whole web interface, not only administrative pages
- Limit authenticated user accounts to only those with a legitimate business need
- Implement rate limiting at the web server or load balancer level for requests to administrative endpoints
- Monitor and alert on abnormal resource consumption to enable rapid response to exploitation attempts
# Example: restrict access to the PRTG web interface on a Linux reverse proxy or
# bastion placed in front of the PRTG host (PRTG itself runs on Windows, where the
# equivalent is an inbound Windows Defender Firewall rule scoped to the same networks).
# Insert at the top of the chain so an earlier blanket ACCEPT does not bypass the rules;
# add a matching pair for --dport 80 if the HTTP listener is still enabled.
iptables -I INPUT 1 -p tcp --dport 443 -s 10.0.0.0/8 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 443 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.