Vulnerability Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cilium | Cilium | >= 1.13.0, < 1.15.16 |
Related Weaknesses (CWE)
References
- https://github.com/cilium/cilium/pull/38592Patch
- https://github.com/cilium/cilium/security/advisories/GHSA-5vxx-c285-pcq4PatchThird Party Advisory
FAQ
What is CVE-2025-32793?
CVE-2025-32793 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard trans...
How severe is CVE-2025-32793?
CVE-2025-32793 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-32793?
Check the references section above for vendor advisories and patch information. Affected products include: Cilium Cilium.