Medium severity 4.9 · OSV Advisory · Published Oct 23, 2025 · Updated Apr 15, 2026
CVE-2025-62820
Description
Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/slackhq/nebula (Go) | >= 1.9.4, < 1.9.7 | 1.9.7 |
Affected products (22)
osv-coords, 21 versions (no CPE for any entry):
| Package | Affected range |
|---|---|
| pkg:apk/chainguard/caddy | < 2.10.2-r3 |
| pkg:apk/chainguard/caddy-fips | < 2.10.2-r2 |
| pkg:apk/chainguard/caddy-man | < 2.10.2-r3 |
| pkg:apk/chainguard/caddy-src | < 2.10.2-r3 |
| pkg:apk/chainguard/step | < 0.28.7-r4 |
| pkg:apk/chainguard/step-ca | < 0.28.4-r3 |
| pkg:apk/chainguard/step-ca-fips | < 0.28.4-r4 |
| pkg:apk/chainguard/step-fips | < 0.28.7-r4 |
| pkg:apk/chainguard/step-issuer | < 0.9.9-r3 |
| pkg:apk/chainguard/step-issuer-compat | < 0.9.9-r3 |
| pkg:apk/chainguard/step-issuer-fips | < 0.9.9-r3 |
| pkg:apk/chainguard/step-issuer-fips-compat | < 0.9.9-r3 |
| pkg:apk/wolfi/caddy | < 2.10.2-r3 |
| pkg:apk/wolfi/caddy-man | < 2.10.2-r3 |
| pkg:apk/wolfi/caddy-src | < 2.10.2-r3 |
| pkg:apk/wolfi/step | < 0.28.7-r4 |
| pkg:apk/wolfi/step-ca | < 0.28.4-r3 |
| pkg:apk/wolfi/step-issuer | < 0.9.9-r3 |
| pkg:apk/wolfi/step-issuer-compat | < 0.9.9-r3 |
| pkg:golang/github.com/slackhq/nebula | >= 1.9.4, < 1.9.7 |
| pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed | < 0.0.20251105T184115-1.1 |