Cilium Networking Solution Vulnerability Affecting AWS Security Group References
CVE-2025-64715

4 (MEDIUM)

Key Information:

Vendor: Cilium
Status: Vendor
CVE Published: 29 November 2025

What is CVE-2025-64715?

Cilium, a networking and security solution with an eBPF-based data plane, contains a vulnerability: referencing non-existent or unattached AWS security group IDs in a CiliumNetworkPolicy can unintentionally allow excessive outbound traffic, because the toCIDRSet section of the derived policy is not generated correctly and the resulting rule grants broader egress access than intended. The issue affects versions prior to 1.16.17, 1.17.10, and 1.18.4, which contain the fix. No workarounds are available for affected users.
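As an added example (not code from the Cilium project or this advisory), the following is a fail-closed pre-admission check that resolves the AWS security group IDs a policy references against an inventory before any toCIDRSet is derived, so that a missing or unattached group produces an error rather than a partially built egress rule. The inventory, IP addresses and policy are constructed here, and the `toGroups` / `aws.securityGroupsIds` field names are assumed from Cilium's policy format.

```python
from ipaddress import ip_network

# Constructed inventory: security group ID -> private IPs of the ENIs attached to it.
# A missing key means the group does not exist; an empty list means nothing is attached.
SG_INVENTORY = {
    "sg-0a1b2c3d4e5f60001": ["10.0.1.10", "10.0.1.11"],
    "sg-0a1b2c3d4e5f60002": [],
}

# Constructed CiliumNetworkPolicy: egress via toGroups to two AWS security groups.
POLICY = {
    "apiVersion": "cilium.io/v2",
    "kind": "CiliumNetworkPolicy",
    "metadata": {"name": "to-groups-sample"},
    "spec": {
        "endpointSelector": {"matchLabels": {"app": "foo"}},
        "egress": [{"toGroups": [{"aws": {"securityGroupsIds": [
            "sg-0a1b2c3d4e5f60001", "sg-0a1b2c3d4e5f60002"]}}]}],
    },
}


def referenced_security_groups(policy):
    """Collect every AWS security group ID referenced through egress toGroups."""
    ids = []
    for rule in policy.get("spec", {}).get("egress", []):
        for group in rule.get("toGroups", []):
            ids.extend(group.get("aws", {}).get("securityGroupsIds", []))
    return ids


def derive_to_cidr_set(policy, inventory):
    """Resolve referenced groups to a toCIDRSet of /32 entries; fail closed (return
    no rule at all) when any group is unknown or has no attached interfaces."""
    problems, cidrs = [], set()
    for sg_id in referenced_security_groups(policy):
        if sg_id not in inventory:
            problems.append(f"{sg_id}: security group does not exist")
        elif not inventory[sg_id]:
            problems.append(f"{sg_id}: no network interfaces attached")
        else:
            cidrs.update(str(ip_network(f"{ip}/32")) for ip in inventory[sg_id])
    if problems:
        return None, problems
    return [{"cidr": c} for c in sorted(cidrs)], []


if __name__ == "__main__":
    derived, problems = derive_to_cidr_set(POLICY, SG_INVENTORY)
    print("derived toCIDRSet:", derived)
    print("problems:", problems)
```

Run against the constructed policy, the check refuses to derive a rule because the second group has no attached interfaces; a policy that references only the first group yields two /32 entries.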

Affected Version(s)

cilium < 1.16.17

cilium >= 1.17.0, < 1.17.10

cilium >= 1.18.0, < 1.18.4

CVSS V3.1

Score: 4
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
