摘要:
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue.
安全等级: Low
公告ID: KylinSec-SA-2025-2425
发布日期: 2025年5月30日
关联CVE: CVE-2025-32793
在 Cilium 中发现一个安全漏洞,该漏洞影响使用 Wireguard 透明加密的集群环境。受影响版本为 1.15.0-1.15.15、1.16.0-1.16.8 和 1.17.0-1.17.2。当流量通过 Cilium 处理时,由于竞态条件(race condition),终止端点(terminating endpoint)发出的数据包可能在未加密的情况下离开源节点
。此问题已在以下版本中修复:
1.15.16
1.16.9
1.17.3
目前尚无临时缓解措施(workarounds)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-32793 | KY3.4-5A | cilium | Unaffected |
| CVE-2025-32793 | V6 | cilium | Unaffected |
