CVE-2025-48056

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-48056

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48056.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-48056

Aliases

Downstream

openSUSE-SU-2025:15159-1

Related

openSUSE-SU-2025:15159-1

Published

2025-05-20T19:55:58.193Z

Modified

2026-03-20T12:43:36.601277Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Hubble CLI vulnerable to character injection

Details

Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack. The issue is patched in Hubble CLI v1.17.2. Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.

Database specific

{
    "cwe_ids": [
        "CWE-74"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48056.json"
}

References

Affected packages

Git / github.com/cilium/cilium

Affected ranges

Type

GIT

Repo

https://github.com/cilium/cilium

Events

Introduced

Fixed

fb3ab54ffe3f1b5059e87a9022fd6559b276b7ce

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.17.2"
        }
    ]
}

Affected versions

1.*

1.10.0-rc0

1.11.0-rc0

1.11.0-rc1

1.11.0-rc2

1.12.0-rc0

1.12.0-rc1

1.12.0-rc2

1.13.0-rc0

1.13.0-rc1

1.13.0-rc2

1.13.0-rc3

1.14.0-pre.2

1.14.0-rc.0

1.14.0-snapshot.0

1.14.0-snapshot.1

1.14.0-snapshot.2

1.14.0-snapshot.3

1.14.0-snapshot.4

1.15.0-pre.0

1.15.0-pre.1

1.15.0-pre.2

1.15.0-pre.3

1.16.0-pre.0

1.16.0-pre.1

1.16.0-pre.2

1.16.0-pre.3

1.16.0-rc.0

1.17.0

1.17.0-pre.0

1.17.0-pre.1

1.17.0-pre.2

1.17.0-pre.3

1.17.0-rc.0

1.17.0-rc.1

1.17.0-rc.2

1.17.1

1.5.0-rc2

1.8.0-rc1

1.9.0-rc0

1.9.0-rc1

v0.*

v0.10.0

v0.13.1

v0.13.10

v0.13.14

v0.13.15

v0.13.16

v0.13.17

v0.13.18

v0.13.19

v0.13.2

v0.13.20

v0.13.21

v0.13.22

v0.13.25

v0.13.4

v0.13.5

v0.13.6

v0.13.8

v0.8.0

v0.8.2

v0.9.0-rc1

v1.*

v1.0.0-rc1

v1.0.0-rc4

v1.0.0-rc5

v1.0.0-rc6

v1.0.0-rc7

v1.0.0-rc8

v1.0.0-rc9

v1.10.0-rc0

v1.11.0-rc0

v1.11.0-rc1

v1.11.0-rc2

v1.12.0-rc0

v1.12.0-rc1

v1.12.0-rc2

v1.13.0-rc0

v1.13.0-rc1

v1.13.0-rc2

v1.13.0-rc3

v1.14.0-pre.2

v1.14.0-rc.0

v1.14.0-snapshot.0

v1.14.0-snapshot.1

v1.14.0-snapshot.2

v1.14.0-snapshot.3

v1.14.0-snapshot.4

v1.14.0-snapshot.5

v1.15.0-pre.0

v1.15.0-pre.1

v1.15.0-pre.2

v1.15.0-pre.3

v1.16.0-pre.0

v1.16.0-pre.1

v1.16.0-pre.2

v1.16.0-pre.3

v1.16.0-rc.0

v1.17.0

v1.17.0-pre.0

v1.17.0-pre.1

v1.17.0-pre.2

v1.17.0-pre.3

v1.17.0-rc.0

v1.17.0-rc.1

v1.17.0-rc.2

v1.17.1

v1.3.0-rc1

v1.5.0-rc1

v1.5.0-rc2

v1.6.0-rc1

v1.6.0-rc2

v1.6.0-rc3

v1.7.0-rc1

v1.7.0-rc2

v1.8.0-rc1

v1.9.0-rc0

v1.9.0-rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-48056.json"