CVE-2025-30163

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-30163
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of network policies. Node based network policy is disabled by default in Cilium. This issue affects: Cilium v1.16 between v1.16.0 and v1.16.7 inclusive and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.16.8 and v1.17.2. Users can work around this issue by ensuring that the labels used in `fromNodes` and `toNodes` fields are used exclusively by nodes and not by other endpoints.

3.4 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://docs.cilium.io/en/stable/security/policy/language/#node-based
https://github.com/cilium/cilium/pull/36657
https://github.com/cilium/cilium/security/advisories/GHSA-c6pf-2v8j-96mc
Configurations

No configuration.

History

27 Mar 2025, 16:45

Type Values Removed Values Added
Summary
  • (es) Cilium es una solución de redes, observabilidad y seguridad con un plano de datos basado en eBPF. Las políticas de red basadas en nodos (`fromNodes` y `toNodes`) permiten incorrectamente el tráfico hacia/desde endpoints que no son nodos y que comparten las etiquetas especificadas en las secciones `fromNodes` y `toNodes` de las políticas de red. La política de red basada en nodos está deshabilitada por defecto en Cilium. Este problema afecta a Cilium v1.16 entre v1.16.0 y v1.16.7 inclusive, y a v1.17 entre v1.17.0 y v1.17.1 inclusive. Este problema se ha corregido en Cilium v1.16.8 y v1.17.2. Los usuarios pueden solucionar este problema asegurándose de que las etiquetas utilizadas en los campos `fromNodes` y `toNodes` sean utilizadas exclusivamente por los nodos y no por otros endpoints.

24 Mar 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-24 19:15

Updated : 2025-03-27 16:45

NVD link : CVE-2025-30163

Mitre link : CVE-2025-30163

CVE.ORG link : CVE-2025-30163

JSON object : View

Products Affected

No product.

CWE
CWE-863

Incorrect Authorization