PT-2025-3995 · Unknown+6 · Open Virtual Network+6

Brian Haley

Published

2025-01-22

Updated

2026-01-26

CVE-2025-0650

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Virtual Network (OVN) (affected versions not specified)

Description A flaw was found in the Open Virtual Network (OVN) that allows specially crafted UDP packets to bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network. The OVN installation is vulnerable if a logical switch has DNS records set on it and if the same switch has any egress ACLs configured on it.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2025-03286

CVE-2025-0650

OPENSUSE-SU-2025:14757-1

OPENSUSE-SU-2025_0578-1

OPENSUSE-SU-2025_0583-1

OPENSUSE-SU-2025_0742-1

RHSA-2025:1083

RHSA-2025:1084

RHSA-2025:1085

RHSA-2025:1086

RHSA-2025:1087

RHSA-2025:1088

RHSA-2025:1089

RHSA-2025:1090

RHSA-2025:1091

RHSA-2025:1092

RHSA-2025:1093

RHSA-2025:1094

RHSA-2025:1095

RHSA-2025:1096

RHSA-2025:1097

SUSE-SU-2025:0561-1

SUSE-SU-2025:0578-1

SUSE-SU-2025:0583-1

SUSE-SU-2025:0742-1

SUSE-SU-2025_0561-1

SUSE-SU-2025_0578-1

SUSE-SU-2025_0583-1

SUSE-SU-2025_0742-1

SUSE-SU-2026:0280-1

SUSE-SU-2026:0290-1

SUSE-SU-2026:20049-1

SUSE-SU-2026:20061-1

USN-7396-1

Affected Products

Astra Linux

Debian

Linuxmint

Open Virtual Network

Red Os

Suse

Ubuntu

PT-2025-3995 · Unknown+6 · Open Virtual Network+6

CVE-2025-0650

Weakness Enumeration

Related Identifiers

Affected Products

References · 73