Networking Security Flaw in Cilium Affecting Multiple Versions
CVE-2025-30162

Key Information:

Vendor: Cilium
Status: Vendor
CVE Published: 24 March 2025

What is CVE-2025-30162?

Cilium, a networking and security platform built on eBPF, has a significant flaw affecting users who rely on the Gateway API for ingress control. When network policies are in place to block egress traffic between namespaces, this vulnerability erroneously allows outgoing traffic from workloads to LoadBalancers configured through Gateway resources, despite policies intended to restrict such access. LoadBalancers that are not set up via the Gateway API are unaffected. Users running affected versions (Cilium v1.15.0 to v1.15.14, v1.16.0 to v1.16.7, and v1.17.0 to v1.17.1) are strongly advised to upgrade to the patched releases (Cilium v1.15.15, v1.16.8, and v1.17.2) to mitigate this issue. As a temporary workaround, implementing Clusterwide Cilium Network Policies may provide relief for those unable to upgrade.
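As an added example (not from the advisory or from the Cilium project), a small Python checker that maps a reported Cilium version onto the affected and fixed ranges listed above and flags whether a cluster is actually exposed; the cluster inventory in it is constructed sample data, and the "Gateway API in use" flag is an assumption the operator supplies.

```python
"""Check Cilium versions against the CVE-2025-30162 ranges given in the advisory.

Version ranges and fixed releases are taken from the advisory text above; the
inventory at the bottom is constructed sample data for the demonstration.
"""
import re

# (first affected, last affected, fixed release) per minor series, from the advisory
AFFECTED_RANGES = [
    ((1, 15, 0), (1, 15, 14), (1, 15, 15)),
    ((1, 16, 0), (1, 16, 7), (1, 16, 8)),
    ((1, 17, 0), (1, 17, 1), (1, 17, 2)),
]

def parse_version(text):
    """Extract an x.y.z tuple from strings such as 'v1.16.3' or 'cilium 1.16.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def assess(version_text, uses_gateway_api=True):
    """Return (status, fixed_release_or_None) for one cluster.

    The bypass only applies to LoadBalancers created through Gateway API, so a
    vulnerable build without Gateway API is reported as needing an upgrade but
    not as currently exposed. Versions outside the listed ranges are reported
    as 'not-listed' rather than claimed safe.
    """
    v = parse_version(version_text)
    for lo, hi, fixed in AFFECTED_RANGES:
        if lo <= v <= hi:
            status = "exposed" if uses_gateway_api else "vulnerable-not-exposed"
            return (status, "v%d.%d.%d" % fixed)
    return ("not-listed", None)

# Constructed sample inventory: (cluster name, reported Cilium version, Gateway API in use)
SAMPLE_INVENTORY = [
    ("prod-eu", "v1.16.3", True),
    ("prod-us", "cilium v1.17.1", False),
    ("staging", "v1.15.15", True),
]

def report(inventory):
    """Map each cluster name to its status and the release to upgrade to."""
    return {name: assess(ver, gw) for name, ver, gw in inventory}

if __name__ == "__main__":
    for name, (status, fixed) in report(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}" + (f" (upgrade to {fixed})" if fixed else ""))
```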
