CNNVD-202511-3054 Information
CNNVD ID
CNNVD-202511-3054
Related CVE
- CNNVD Published: 2025-11-29
Description (Chinese)
Cilium是Cilium开源的一个开源软件。用于提供和透明地保护应用程序工作负载(如应用程序容器或进程)之间的网络连接和负载平衡。 Cilium 1.16.17之前版本、1.17.10之前版本和1.18.4之前版本存在访问控制错误漏洞,该漏洞源于AWS安全组ID引用不当,可能导致超出预期的出站访问。
Description (English)
Cilium is an open source software for the Cilium Open Source. To provide and transparently protect network connectivity and load balance between application loads (e.g. application containers or processes). There was an access control error gap in the pre-Cilium 1.16.17, pre-Cilium 1.17 and pre-Cl17.10 and pre-Cl.18.4, which stemmed from the inappropriate citation of the AWS security team ID, which could lead to more than anticipated out-of-station visits.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
Cilium
Published
2025-11-29
Last Modified
2026-02-24
References
https://github.com/cilium/cilium/releases/tag/v1.16.17 https://github.com/cilium/cilium/commit/a385856b59c8289cc7273fa3a3062bbf0ef96c97 https://github.com/cilium/cilium/releases/tag/v1.18.4 https://github.com/cilium/cilium/releases/tag/v1.17.10 https://github.com/cilium/cilium/security/advisories/GHSA-38pp-6gcp-rqvm https://access.redhat.com/security/cve/cve-2025-64715
Patch
https://github.com/cilium/cilium/releases
Share on: