icon

We found results for “

CVE-2025-32793

Good to know:

icon

Date: April 21, 2025

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue.

Severity Score

Severity Score

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

Cleartext Transmission of Sensitive Information

CWE-319

Top Fix

icon

Upgrade Version

Upgrade to version github.com/cilium/cilium - v1.15.16;github.com/cilium/cilium - v1.16.9;github.com/cilium/cilium - v1.17.3;https://github.com/cilium/cilium.git - v1.15.16;https://github.com/cilium/cilium.git - v1.16.9;https://github.com/cilium/cilium.git - v1.17.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us