WireGuard Vulnerability in Omni Product for Kubernetes Management
CVE-2025-59824

0.5LOW

Key Information:

Vendor: Siderolabs
Status: Omni
Vendor: CVE Published:; 24 September 2025

What is CVE-2025-59824?

The Omni product facilitates Kubernetes management across various environments, including bare metal and cloud setups. Before version 0.48.0, the SideroLink feature leveraging WireGuard had a significant flaw where it properly validated the source IP address but did not check the destination address on incoming packets. This oversight allowed potential malicious workloads running in untrusted environments, like Kubernetes configured with host networking, to exploit the connection. As a result, attackers could craft arbitrary packets that might compromise the security of the link, opening paths for further exploitation. This vulnerability has been addressed in the latest update, version 0.48.0.

Affected Version(s)

omni < 0.48.0

References

https://github.com/siderolabs/omni/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/siderolabs/omni/commit/a5efd816a239e6c...

x_refsource_MISC

CVSS V4

Score:

0.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2025
Vulnerability Reserved
Sep 22, 2025

JSON

Siderolabs

What is CVE-2025-59824?

Affected Version(s)

References

CVSS V4

Timeline