PT-2025-43432 · Slack · Slack Nebula

Published: 2025-10-23 · Updated: 2026-04-01 · CVE-2025-62820

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Slack Nebula versions prior to 1.9.7

Description: Slack Nebula, in some configurations, does not properly handle CIDR (Classless Inter-Domain Routing) notation. This allows for the acceptance of arbitrary source IP addresses within the Nebula network.

Recommendations: Update to version 1.9.7 or later.

Fix

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-CE02533
CLEANSTART-2026-CV29689
CLEANSTART-2026-KC01126
CLEANSTART-2026-KV78041
CLEANSTART-2026-MI26039
CLEANSTART-2026-OL60454
CLEANSTART-2026-UZ79996
CVE-2025-62820
GHSA-X6FH-7QMF-69XH
GO-2025-4068
OPENSUSE-SU-2025:15710-1

Affected Products

Slack Nebula