CVE-2025-0650

EUVD-2025-1804
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Debian logo
Debian Releases
Debian Product
Codename
ovn
bookworm
no-dsa
forky
26.03.0-6
fixed
sid
26.03.0-6
fixed
trixie
25.03.0-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libopenvswitch-2_11-0
suse enterprise server 12 SP5
2.11.5-3.24.2
fixed
libopenvswitch-2_13-0
suse enterprise server 15 SP2
2.13.2-150200.9.37.1
fixed
libopenvswitch-2_14-0
suse enterprise server 15 SP4
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.26.1
fixed
libopenvswitch-3_1-0
suse enterprise sap 15 SP6
3.1.0-150600.33.6.1
fixed
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
libovn-20_03-0
suse enterprise server 15 SP2
20.03.1-150200.9.37.1
fixed
libovn-20_06-0
suse enterprise server 15 SP4
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.26.1
fixed
libovn-23_03-0
suse enterprise sap 15 SP6
23.03.0-150600.33.6.1
fixed
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
openvswitch
suse enterprise sap 15 SP6
3.1.0-150600.33.6.1
fixed
suse enterprise server 12 SP5
2.11.5-3.24.2
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.37.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
openvswitch-devel
suse enterprise sap 15 SP6
3.1.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.37.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
openvswitch-ipsec
suse enterprise sap 15 SP6
3.1.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.37.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
openvswitch-pki
suse enterprise sap 15 SP6
3.1.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.37.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
openvswitch-test
suse enterprise sap 15 SP6
3.1.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.37.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
openvswitch-vtep
suse enterprise sap 15 SP6
3.1.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.37.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
openvswitch3
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
openvswitch3-devel
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
openvswitch3-ipsec
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
openvswitch3-pki
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
openvswitch3-test
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
openvswitch3-vtep
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
ovn
suse enterprise sap 15 SP6
23.03.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.37.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
ovn-central
suse enterprise sap 15 SP6
23.03.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.37.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
ovn-devel
suse enterprise sap 15 SP6
23.03.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.37.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
ovn-docker
suse enterprise sap 15 SP6
23.03.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.37.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
ovn-host
suse enterprise sap 15 SP6
23.03.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.37.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
ovn-vtep
suse enterprise sap 15 SP6
23.03.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
20.03.1-150200.9.37.1
fixed
suse enterprise server 15 SP4
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
20.06.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
23.03.3-150600.33.9.1
fixed
ovn3
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
ovn3-central
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
ovn3-devel
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
ovn3-docker
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
ovn3-host
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
ovn3-vtep
suse enterprise server 15 SP5
23.03.3-150500.3.25.1
fixed
python3-ovs
suse enterprise sap 15 SP6
3.1.0-150600.33.6.1
fixed
suse enterprise server 15 SP2
2.13.2-150200.9.37.1
fixed
suse enterprise server 15 SP4
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP5
2.14.2-150400.24.26.1
fixed
suse enterprise server 15 SP6
3.1.7-150600.33.9.1
fixed
python3-ovs3
suse enterprise server 15 SP5
3.1.7-150500.3.25.1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:1083
https://access.redhat.com/errata/RHSA-2025:1084
https://access.redhat.com/errata/RHSA-2025:1085
https://access.redhat.com/errata/RHSA-2025:1086
https://access.redhat.com/errata/RHSA-2025:1087
https://access.redhat.com/errata/RHSA-2025:1088
https://access.redhat.com/errata/RHSA-2025:1089
https://access.redhat.com/errata/RHSA-2025:1090
https://access.redhat.com/errata/RHSA-2025:1091
https://access.redhat.com/errata/RHSA-2025:1092
https://access.redhat.com/errata/RHSA-2025:1093
https://access.redhat.com/errata/RHSA-2025:1094
https://access.redhat.com/errata/RHSA-2025:1095
https://access.redhat.com/errata/RHSA-2025:1096
https://access.redhat.com/errata/RHSA-2025:1097
https://access.redhat.com/security/cve/CVE-2025-0650
https://bugzilla.redhat.com/show_bug.cgi?id=2339537
https://www.openwall.com/lists/oss-security/2025/01/22/5
http://www.openwall.com/lists/oss-security/2025/01/22/11