CVE-2025-0650
Ovn: egress acls may be bypassed via specially crafted udp packet
Vexday Risk Score
21 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1 | EPSS 0.8% | KEV no | PoC — | Nuclei — | Metasploit — | Patch referenced
Lifecycle
23 Jan 2025: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations where a logical switch has DNS records set on it and the same switch also has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
ovn
Red Hat · Fast Datapath for Red Hat Enterprise Linux 8
Red Hat · Fast Datapath for Red Hat Enterprise Linux 9
Red Hat · Red Hat OpenShift Container Platform 4
References
https://access.redhat.com/errata/RHSA-2025:1083
https://access.redhat.com/errata/RHSA-2025:1084
https://access.redhat.com/errata/RHSA-2025:1085
https://access.redhat.com/errata/RHSA-2025:1086
https://access.redhat.com/errata/RHSA-2025:1087
https://access.redhat.com/errata/RHSA-2025:1088
https://access.redhat.com/errata/RHSA-2025:1089
https://access.redhat.com/errata/RHSA-2025:1090
https://access.redhat.com/errata/RHSA-2025:1091
https://access.redhat.com/errata/RHSA-2025:1092
https://access.redhat.com/errata/RHSA-2025:1093
https://access.redhat.com/errata/RHSA-2025:1094