PT-2025-1141 · Ipv6 · Ipv6

Mathy Vanhoef

Published

2025-01-14

Updated

2025-03-08

CVE-2025-23018

CVSS v2.0

6.6

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions IPv6 versions (affected versions not specified)

Description The issue concerns IPv4-in-IPv6 and IPv6-in-IPv6 tunneling, as defined in RFC 2473, which does not require validation or verification of the source of a network packet. This allows an attacker to spoof and route arbitrary traffic via an exposed network interface.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-940

Related Identifiers

BDU:2025-00420

CVE-2025-23018

Affected Products

Ipv6

PT-2025-1141 · Ipv6 · Ipv6

CVE-2025-23018

Weakness Enumeration

Related Identifiers

Affected Products

References · 14