PT-2025-4791 · Cilium+1

Ciffelia · Published 2025-01-22 · Updated 2025-09-03 · CVE-2025-23047

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Cilium versions 1.14.0 through 1.14.7
Cilium versions 1.15.0 through 1.15.11
Cilium versions 1.16.0 through 1.16.4
Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users who deploy Hubble UI using either the Cilium CLI or the Cilium Helm chart. A user with access to a Hubble UI instance affected by this issue could leak configuration details about the Kubernetes cluster that Hubble UI is monitoring, including node names, IP addresses, and other metadata about workloads and the cluster networking configuration. For this issue to be exploited, a victim would first have to visit a malicious page.
Recommendations

For versions 1.14.0 through 1.14.7, update to version 1.14.18 or later.
For versions 1.15.0 through 1.15.11, update to version 1.15.12 or later.
For versions 1.16.0 through 1.16.4, update to version 1.16.5 or later.

As a temporary workaround, users who deploy Hubble UI using the Cilium Helm chart directly can remove the CORS headers from the Helm template.
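To make the description and workaround above concrete, here is an added Python illustration (not Cilium or Hubble UI code) of the browser-side CORS decision that turns a permissive Access-Control-Allow-Origin default into a cross-origin read, beside the hardened state that removing the CORS headers produces. The advisory does not say which value the insecure default carried; the wildcard sample header set and the example.invalid origin are constructed assumptions.

```python
from typing import Mapping


def _norm(headers: Mapping[str, str]) -> dict[str, str]:
    """Header names are case-insensitive; compare on a lower-cased copy."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def cross_origin_readable(origin: str, headers: Mapping[str, str],
                          with_credentials: bool = False) -> bool:
    """True if a page served from `origin` could read this response body.

    Mirrors the Fetch standard's CORS check: Access-Control-Allow-Origin
    must equal the requesting origin, or be "*". With credentials the
    wildcard is refused and Access-Control-Allow-Credentials: true is
    required as well. No header at all means the browser withholds the body.
    """
    h = _norm(headers)
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return False
    if with_credentials:
        if h.get("access-control-allow-credentials", "").lower() != "true":
            return False
        return acao == origin
    return acao == "*" or acao == origin


def cors_posture(headers: Mapping[str, str]) -> str:
    """Classify a response for review: 'none' is the state the workaround
    (removing the CORS headers from the Helm template) produces."""
    acao = _norm(headers).get("access-control-allow-origin")
    if acao is None:
        return "none"
    if acao == "*":
        return "wildcard"
    if acao == "null":
        return "null"  # matches sandboxed iframes and opaque origins
    return "allowlisted:" + acao


# Constructed samples (assumption), not captured from a real Hubble UI deployment.
PERMISSIVE = {"Access-Control-Allow-Origin": "*",
              "Content-Type": "application/json"}
HARDENED = {"Content-Type": "application/json"}  # CORS headers removed

if __name__ == "__main__":
    third_party_page = "https://example.invalid"  # any site the victim visits
    print(cors_posture(PERMISSIVE), cross_origin_readable(third_party_page, PERMISSIVE))
    print(cors_posture(HARDENED), cross_origin_readable(third_party_page, HARDENED))
```

Running it shows the permissive set classified as "wildcard" and readable from the third-party origin, while the hardened set is "none" and unreadable.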

Weakness Enumeration

Information Disclosure

Related Identifiers

BIT-CILIUM-2025-23047
BIT-CILIUM-OPERATOR-2025-23047
BIT-HUBBLE-RELAY-2025-23047
CVE-2025-23047
GHSA-H78M-J95M-5356
GO-2025-3416
OPENSUSE-SU-2025:14710-1
OPENSUSE-SU-2025_0297-1
SUSE-SU-2025:0297-1

Affected Products

Cilium
Suse