CVE-2025-64715

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-64715
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-64715.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-64715
Aliases
  • GHSA-38pp-6gcp-rqvm
Published
2025-11-29T00:11:26.807Z
Modified
2025-11-29T02:57:46.884937Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic
Details

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset section of the derived policy is not generated, which means outbound traffic may be permitted to more destinations than originally intended. This issue has been patched in versions 1.16.17, 1.17.10, and 1.18.4. There are no workarounds for this issue.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64715.json",
    "cwe_ids": [
        "CWE-284"
    ]
}
References

Affected packages

Git / github.com/cilium/cilium

Affected ranges

Type
GIT
Repo
https://github.com/cilium/cilium
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
46dd18e1cf303ee70f444a2ade146941beccbd1d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.16.17"
        }
    ]
}
Type
GIT
Repo
https://github.com/cilium/cilium
Events
Introduced
c2bbf787eab9b7f728fcc861904d9bcf17e4ba9b
Fixed
2661dea2811d5c3580c22fa8545d9c76df1688e6
Database specific 
{
    "versions": [
        {
            "introduced": "1.17.0"
        },
        {
            "fixed": "1.17.10"
        }
    ]
}
Type
GIT
Repo
https://github.com/cilium/cilium
Events
Introduced
274205f001bb24b89d19f0fe7c3fb3aca20030c2
Fixed
afda2aa99d26f190de8944580ceadb64d9d14d38
Database specific 
{
    "versions": [
        {
            "introduced": "1.18.0"
        },
        {
            "fixed": "1.18.4"
        }
    ]
}