CNNVD-202509-3783 Information

CNNVD ID

CNNVD-202509-3783

CVE-2025-59824

  • CNNVD Published: 2025-09-24

Description (Chinese)

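Omni is an open-source Kubernetes deployment tool from Sidero Labs, Inc. Versions of Omni before 0.48.0 contain a security vulnerability. It stems from packet destination addresses not being validated, and may allow a malicious payload to send arbitrary packets through the SideroLink interface.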

Description (English)

Omni is an open-source Kubernetes deployment tool from Sidero Labs, Inc. Versions of Omni before 0.48.0 contain a security vulnerability caused by a failure to validate packet destination addresses, which could allow a malicious payload to send arbitrary packets via the SideroLink interface.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

Sidero Labs, Inc.

Published

2025-09-24

Last Modified

2026-02-24

References

  • https://github.com/siderolabs/omni/security/advisories/GHSA-hqrf-67pm-wgfq
  • https://github.com/siderolabs/omni/commit/a5efd816a239e6c9e5ea7c0d43c02c04504d7b60
  • https://access.redhat.com/security/cve/cve-2025-59824

Patch

https://github.com/siderolabs/omni/releases
