PT-2025-48349 · Cilium · Cilium

Published

2025-11-29

·

Updated

2025-11-29

·

CVE-2025-64715

CVSS v3.1
4.0
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Cilium versions prior to 1.16.17
Cilium versions prior to 1.17.10
Cilium versions prior to 1.18.4
Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A CiliumNetworkPolicy whose egress rule uses egress.toGroups.aws.securityGroupsIds and references AWS security group IDs that do not exist or are not attached to any network interface may unintentionally permit wider outbound access than intended. Specifically, because no IP addresses are resolved for such groups, the toCIDRSet section of the resulting derived policy is not generated, and with no L3 destination selector left in the rule, traffic is potentially allowed to more destinations than originally configured.
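To make the failure mode concrete, the following is an added example, not Cilium's own code and not part of the advisory. It models how a toGroups egress rule is turned into a derived rule carrying a toCIDRSet, and applies Cilium's L3 semantics, under which an egress rule with no L3 selector matches every destination on the listed ports. The map resolvedSecurityGroups (a stand-in for the AWS lookup), the group IDs sg-0aaa and sg-0bbb, the IP addresses, the EgressRule type and the functions deriveEgress, allowsDestination and DerivedAllows are all invented for this illustration; the fail-closed branch shows one way to refuse an unrestricted rule and is not a description of the change Cilium shipped.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// Constructed stand-in for the AWS lookup that resolves a security group ID
// to the private IPs of the network interfaces it is attached to. sg-0aaa
// has two interfaces, sg-0bbb exists but has nothing attached, and any other
// ID does not exist. All IDs and addresses are invented for this example.
var resolvedSecurityGroups = map[string][]string{
	"sg-0aaa": {"10.0.1.10", "10.0.1.11"},
	"sg-0bbb": {},
}

// EgressRule is a simplified model of the CiliumNetworkPolicy fields this
// example needs; it is not Cilium's own API type.
type EgressRule struct {
	SecurityGroupIDs []string // egress.toGroups.aws.securityGroupsIds
	ToCIDRSet        []netip.Prefix
	ToPorts          []uint16
}

var errNoDestinations = errors.New("toGroups resolved to no IP addresses; refusing to derive an unrestricted egress rule")

// deriveEgress turns a toGroups rule into the derived rule that would be
// installed. With failClosed=false it reproduces the behaviour the advisory
// describes: when no group resolves, ToCIDRSet stays empty and only the L4
// part of the rule survives. With failClosed=true it refuses to emit a rule.
func deriveEgress(rule EgressRule, failClosed bool) (EgressRule, error) {
	derived := EgressRule{ToPorts: rule.ToPorts}
	for _, sg := range rule.SecurityGroupIDs {
		// A missing map key yields a nil slice, so a non-existent group and an
		// unattached group both contribute nothing.
		for _, ip := range resolvedSecurityGroups[sg] {
			addr := netip.MustParseAddr(ip)
			derived.ToCIDRSet = append(derived.ToCIDRSet, netip.PrefixFrom(addr, addr.BitLen()))
		}
	}
	if len(derived.ToCIDRSet) == 0 && failClosed {
		return EgressRule{}, errNoDestinations
	}
	return derived, nil
}

// allowsDestination applies the L3 semantics of the derived rule: a rule
// with no L3 selector (empty ToCIDRSet) matches every destination.
func allowsDestination(rule EgressRule, dst string) bool {
	if len(rule.ToCIDRSet) == 0 {
		return true
	}
	addr := netip.MustParseAddr(dst)
	for _, p := range rule.ToCIDRSet {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// DerivedAllows derives the rule for the given group IDs and reports whether
// dst would be reachable on port 443. ok=false means derivation was refused.
func DerivedAllows(groups []string, failClosed bool, dst string) (allowed bool, ok bool) {
	derived, err := deriveEgress(EgressRule{SecurityGroupIDs: groups, ToPorts: []uint16{443}}, failClosed)
	if err != nil {
		return false, false
	}
	return allowsDestination(derived, dst), true
}

func main() {
	for _, groups := range [][]string{{"sg-0aaa"}, {"sg-0bbb"}, {"sg-does-not-exist"}} {
		for _, dst := range []string{"10.0.1.10", "203.0.113.9"} {
			vulnAllowed, vulnOK := DerivedAllows(groups, false, dst)
			safeAllowed, safeOK := DerivedAllows(groups, true, dst)
			fmt.Printf("%-22v -> %-12s vulnerable: allowed=%-5v derived=%-5v  fail-closed: allowed=%-5v derived=%v\n",
				groups, dst, vulnAllowed, vulnOK, safeAllowed, safeOK)
		}
	}
}
```

Running main prints one line per group and destination: with sg-0aaa only the two attached addresses are reachable, while with the unattached sg-0bbb or a non-existent ID the vulnerable derivation reaches 203.0.113.9 as well, because nothing restricts the destination. Whether a real fix should refuse derivation, as here, or install an explicitly empty policy is a design choice; the point is that "no resolved addresses" must never silently become "any address".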
Recommendations

Update to Cilium version 1.16.17 or later.
Update to Cilium version 1.17.10 or later.
Update to Cilium version 1.18.4 or later.

Until the update is applied, review every CiliumNetworkPolicy whose egress rules use toGroups and confirm that the derived policy generated for it actually contains a toCIDRSet; a derived egress rule without one is the condition this advisory describes.

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2025-64715

Affected Products

Cilium