CRITICAL Vulnerability CVE-2025-68615 Exposes Alpine 3.23-Based PHP Images
A critical security flaw has been automatically detected in a series of Docker images, exposing applications built on specific PHP and Alpine Linux versions. The vulnerability, CVE-2025-68615, is rated CRITICAL and stems from an outdated version of the `net-snmp-libs` package in the Alpine 3.23.3 operating system layer. The flaw affects container images published under the `ghcr.io/rafalmasiarek/php` repository, specifically the PHP 8.4 and 8.5 branches in both their `cli` and `fpm` variants.
The affected images are identified by their precise SHA256 digests, each confirmed to contain the vulnerable `net-snmp-libs` version 5.9.4-r2. The fix is an upgrade to version 5.9.5.2-r0. The finding comes from an automated Trivy scan, which matches installed package versions against vulnerability data; the match confirms that the vulnerable package is present in four distinct public images that could be deployed to production, not that the flaw is reachable in every workload. Whether it can actually be triggered depends on whether the application loads the library at all (for example through PHP's `snmp` extension), but any service built on these images carries the vulnerable code until the package is upgraded.
The discovery places immediate pressure on developers and DevOps teams using these specific `rafalmasiarek/php` images to verify their deployments and apply the package update. While the repository maintainer has been notified via this GitHub issue, the issue's remediation status is listed as 'Matched', meaning the vulnerable package has been matched to the CVE but no patched build has yet been published. This leaves a window of risk for downstream users, who must take independent action: rebuild their images with the upgraded package, pin to a digest that no longer carries it once one is published, or move to an alternative base image.
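One way to perform the verification step described above, as an added example that is not part of the original issue or of the `rafalmasiarek/php` project: a POSIX shell script that reads the package listing from inside an Alpine-based image and reports whether the installed `net-snmp-libs` is still older than the fixed version. The `docker run` wrapper, the `<image-ref>` placeholder and the sample package listings are assumptions constructed for the example; the listing format (`name-version` lines from `apk info -v`) and the version comparison via GNU `sort -V` are the only external behaviours relied on.

```shell
#!/bin/sh
# Added example: check an Alpine-based image for the net-snmp-libs version
# flagged by the scan. Not code from the issue or the rafalmasiarek/php project.

VULN_PKG="net-snmp-libs"
FIXED_VER="5.9.5.2-r0"   # fixed version named in the advisory

# alpine_ver_lt A B: succeed if version A sorts before (is older than) B.
# Assumption: GNU sort -V orders plain Alpine versions such as
# "5.9.4-r2" < "5.9.5.2-r0" the same way apk does; suffixes like ~ or _
# are not handled here.
alpine_ver_lt() {
    [ "$1" != "$2" ] && \
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# check_pkg PKG FIXED LISTING
# LISTING is the text produced by `apk info -v` (one "name-version" per line).
# Prints "VULNERABLE <ver>" and returns 1 if PKG is installed and older than
# FIXED; prints "OK <ver>" or "ABSENT" and returns 0 otherwise.
check_pkg() {
    pkg=$1; fixed=$2; listing=$3
    # Package names may contain hyphens, so strip the exact "<pkg>-" prefix
    # rather than splitting on "-".
    ver=$(printf '%s\n' "$listing" | grep "^${pkg}-[0-9]" | head -n1 \
          | sed "s/^${pkg}-//")
    if [ -z "$ver" ]; then
        echo "ABSENT"
        return 0
    fi
    if alpine_ver_lt "$ver" "$fixed"; then
        echo "VULNERABLE $ver"
        return 1
    fi
    echo "OK $ver"
    return 0
}

# scan_image IMAGE: pull the listing out of a real image (requires docker;
# the entrypoint is overridden because the images' default entrypoint is
# php/php-fpm). Assumed wrapper, not used by the offline samples below.
scan_image() {
    listing=$(docker run --rm --entrypoint sh "$1" -c 'apk info -v') || return 2
    check_pkg "$VULN_PKG" "$FIXED_VER" "$listing"
}

# Constructed sample listings (not real scanner or apk output).
SAMPLE_VULNERABLE='musl-1.2.5-r9
net-snmp-libs-5.9.4-r2
zlib-1.3.1-r2'
SAMPLE_FIXED='musl-1.2.5-r9
net-snmp-libs-5.9.5.2-r0
zlib-1.3.1-r2'

# Usage: ./check-net-snmp.sh <image-ref>   (image reference or digest from the issue)
# With no argument, run against the constructed samples.
if [ -n "${1:-}" ]; then
    scan_image "$1"
else
    check_pkg "$VULN_PKG" "$FIXED_VER" "$SAMPLE_VULNERABLE" || true
    check_pkg "$VULN_PKG" "$FIXED_VER" "$SAMPLE_FIXED"
fi
```

Run it against each of the four digests listed in the issue rather than against a floating tag, since a tag may be moved to a rebuilt image while a deployment still runs the old digest. For the rebuild itself, adding `RUN apk upgrade --no-cache net-snmp-libs` (or `apk add --no-cache 'net-snmp-libs>=5.9.5.2-r0'`) to a derived Dockerfile only helps once 5.9.5.2-r0 is actually available in the Alpine 3.23 repositories, so re-run the check after the rebuild instead of assuming the upgrade took effect.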