Home > Vulnerability Database > CVE-2025-0650

Mend.io Vulnerability Database

CVE-2025-0650

Date: January 23, 2025

A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

Severity Score

8.1

Related Resources (21)

Url: https://access.redhat.com/security/cve/CVE-2025-0650

Url: https://www.openwall.com/lists/oss-security/2025/01/22/5

Url: http://www.openwall.com/lists/oss-security/2025/01/22/11

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-0650

Url: https://access.redhat.com/errata/RHSA-2025:1087

Url: https://access.redhat.com/errata/RHSA-2025:1086

Url: https://access.redhat.com/errata/RHSA-2025:1097

Url: https://access.redhat.com/errata/RHSA-2025:1089

Url: https://access.redhat.com/errata/RHSA-2025:1088

Url: https://access.redhat.com/errata/RHSA-2025:1083

Url: https://access.redhat.com/errata/RHSA-2025:1094

Url: https://access.redhat.com/errata/RHSA-2025:1093

Url: https://access.redhat.com/errata/RHSA-2025:1085

Url: https://access.redhat.com/errata/RHSA-2025:1096

Url: https://access.redhat.com/errata/RHSA-2025:1084

Url: https://access.redhat.com/errata/RHSA-2025:1095

Url: https://access.redhat.com/errata/RHSA-2025:1090

Url: https://access.redhat.com/errata/RHSA-2025:1092

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2339537

Url: https://access.redhat.com/errata/RHSA-2025:1091

Url: https://www.mend.io/vulnerability-database/CVE-2025-0650

Severity Score

8.1

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-0650

Date: January 23, 2025

Severity Score

Related Resources (21)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?