Tunneling Vulnerability in Networking Products Exposing Security Flaws
CVE-2025-23018
5.4 MEDIUM
Summary
The vulnerability arises from a lack of validation in the IPv4-in-IPv6 and IPv6-in-IPv6 tunneling protocols specified in RFC 2473. This oversight enables an attacker to forge network packets and reroute arbitrary traffic through vulnerable network interfaces. The potential for abuse is significant, as attackers can exploit this issue to create unauthorized network pathways, compromising the integrity and confidentiality of transmitted data.
Affected Version(s)
IPv6 6
References
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published