SB2025112860 - Unrestricted egress traffic in Cilium

Published: November 28, 2025

Security Bulletin ID: SB2025112860
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Information disclosure

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Protection mechanism failure (CVE-ID: CVE-2025-64715)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to an error in the CiliumNetworkPolicy implementation. If egress.toGroups.aws.securityGroupsIds references AWS security group IDs that do not exist or are not attached to any network interface, the toCIDRSet section of the derived policy is not generated. As a result, outbound traffic is allowed to more destinations than originally intended.
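A configuration audit for the failure mode described above, as an added example that is not Cilium's own code: it compares a CiliumNetworkPolicy that uses toGroups with the derived policy Cilium generates from it and reports any egress rule whose derived counterpart lacks a toCIDRSet. The policy documents, the security group ID and the resolved address are constructed, and the check assumes the derived policy keeps egress rules in source order.

```python
from typing import Any, Dict, List


def _egress_rules(policy: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return the egress rule list of a CiliumNetworkPolicy document (may be empty)."""
    return policy.get("spec", {}).get("egress") or []


def find_unrestricted_egress(source: Dict[str, Any], derived: Dict[str, Any]) -> List[str]:
    """Flag egress rules that reference AWS security groups in the source policy
    but whose counterpart in the derived policy carries no non-empty toCIDRSet,
    i.e. the intended destination restriction was never generated.
    Assumption: the derived policy keeps egress rules in the source order."""
    findings: List[str] = []
    derived_rules = _egress_rules(derived)
    for idx, rule in enumerate(_egress_rules(source)):
        sg_ids = [sg for group in (rule.get("toGroups") or [])
                  for sg in (group.get("aws", {}).get("securityGroupsIds") or [])]
        if not sg_ids:
            continue  # this rule does not depend on security-group expansion
        counterpart = derived_rules[idx] if idx < len(derived_rules) else {}
        if not counterpart.get("toCIDRSet"):
            findings.append(f"egress[{idx}]: toGroups {sg_ids} produced no toCIDRSet; "
                            "destinations are not restricted as intended")
    return findings


# Constructed sample: a policy whose only egress rule is scoped to one security group.
SOURCE_POLICY = {
    "apiVersion": "cilium.io/v2",
    "kind": "CiliumNetworkPolicy",
    "metadata": {"name": "api-to-db"},
    "spec": {
        "endpointSelector": {"matchLabels": {"app": "api"}},
        "egress": [{
            "toGroups": [{"aws": {"securityGroupsIds": ["sg-0123456789abcdef0"]}}],  # constructed ID
            "toPorts": [{"ports": [{"port": "5432", "protocol": "TCP"}]}],
        }],
    },
}
PORTS = SOURCE_POLICY["spec"]["egress"][0]["toPorts"]
# Constructed derived policies: the group resolved to an address (healthy) versus
# the group ID did not resolve and no toCIDRSet was emitted (the bug in this bulletin).
DERIVED_OK = {"spec": {"egress": [{"toCIDRSet": [{"cidr": "10.0.1.25/32"}], "toPorts": PORTS}]}}
DERIVED_BROKEN = {"spec": {"egress": [{"toPorts": PORTS}]}}

if __name__ == "__main__":
    for label, derived in (("resolved", DERIVED_OK), ("unresolved", DERIVED_BROKEN)):
        print(label, find_unrestricted_egress(SOURCE_POLICY, derived) or ["no findings"])
```

Running the same comparison against the derived policies present in a live cluster turns the silent widening into an alertable finding.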


Remediation

Install the update from the vendor's website.