IPv6-in-IPv4 Tunneling Vulnerability in Networking Products
CVE-2025-23019

5.4MEDIUM

Key Information:

Vendor: Ietf
Status: Ipv6
Vendor: CVE Published:; 14 January 2025

What is CVE-2025-23019?

The IPv6-in-IPv4 tunneling vulnerability allows attackers to exploit exposed network interfaces, enabling them to spoof and reroute traffic. This flaw stems from a lack of proper filtering and validation in the implementation of RFC 4213, which governs tunneling protocols. Attackers could potentially gain unauthorized access and manipulate network traffic, posing significant risks to data integrity and confidentiality. Organizations utilizing affected networking devices must implement immediate security measures to mitigate the associated risks and protect their infrastructures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IPv6 6

References

https://datatracker.ietf.org/doc/html/rfc4213

https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf

https://www.top10vpn.com/research/tunneling-protocol-vuln...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 14, 2025

JSON

Ietf