CVE-2025-59824

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Omni versions prior to 0.48.0

Description Omni, a Kubernetes management platform, has a potential issue where the Wireguard SideroLink component could be exploited to allow unauthorized packet transmission. The system establishes a peer-to-peer connection using WireGuard for mutual authentication and authorization. While the source IP address of incoming packets is validated, the destination address is not. This lack of destination address validation, combined with the untrusted nature of the Talos environment and potential access from workloads with host networking, could allow a malicious workload to send arbitrary packets over the SideroLink interface.

Recommendations Update to version 0.48.0 or later.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2025-59824

GHSA-HQRF-67PM-WGFQ

GO-2025-3979

OPENSUSE-SU-2025:15666-1

SUSE-SU-2025:3799-1

Affected Products

Kubernetes

Omni

Siderolink

Talos

Wireguard

CVE-2025-59824

Weakness Enumeration

Related Identifiers

Affected Products

References · 50