VYPR
Moderate severityNVD Advisory· Published Apr 21, 2025· Updated Apr 21, 2025

Cilium packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters

CVE-2025-32793

Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/cilium/ciliumGo
>= 1.13.0, < 1.15.161.15.16
github.com/cilium/ciliumGo
>= 1.16.0, < 1.16.91.16.9
github.com/cilium/ciliumGo
>= 1.17.0, < 1.17.31.17.3

Affected products

23

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.