CVE-2025-0650
Ovn: egress acls may be bypassed via specially crafted udp packet
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.1EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
23 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
ovnRed Hat · Fast Datapath for Red Hat Enterprise Linux 8Red Hat · Fast Datapath for Red Hat Enterprise Linux 9Red Hat · Red Hat OpenShift Container Platform 4¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2025:1083https://access.redhat.com/errata/RHSA-2025:1084https://access.redhat.com/errata/RHSA-2025:1085https://access.redhat.com/errata/RHSA-2025:1086https://access.redhat.com/errata/RHSA-2025:1087https://access.redhat.com/errata/RHSA-2025:1088https://access.redhat.com/errata/RHSA-2025:1089https://access.redhat.com/errata/RHSA-2025:1090https://access.redhat.com/errata/RHSA-2025:1091https://access.redhat.com/errata/RHSA-2025:1092https://access.redhat.com/errata/RHSA-2025:1093https://access.redhat.com/errata/RHSA-2025:1094