CVE-2024-25630

MEDIUM

Cilium <1.14.7 - Info Disclosure

Title source: llm

Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.

References (3)

[Vendor Advisory] https://github.com/cilium/cilium/security/advisories/GHSA-7496-fgv9-xw82

[Product] https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg

[Release Notes] https://github.com/cilium/cilium/releases/tag/v1.14.7

Scores

CVSS v3 6.1

EPSS 0.0005

EPSS Percentile 15.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319 CWE-311

Status published

Products (2)

cilium/cilium 1.14.0 - 1.14.7

cilium/cilium 1.14.0 - 1.14.7Go

Published Feb 20, 2024

Tracked Since Feb 18, 2026