CVE-2025-32793
21.04.2025, 16:15
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue.
| Vendor | Product | Version |
|---|---|---|
| cilium | cilium | 1.13.0 ≤ 𝑥 < 1.15.16 |
| cilium | cilium | 1.16.0 ≤ 𝑥 < 1.16.9 |
| cilium | cilium | 1.17.0 ≤ 𝑥 < 1.17.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-319 - Cleartext Transmission of Sensitive InformationThe software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.