fkie_cve-2025-0650
Vulnerability from fkie_nvd
Published
2025-01-23 17:15
Modified
2025-02-06 09:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1083
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1084
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1085
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1086
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1087
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1088
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1089
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1090
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1091
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1092
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1093
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1094
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1095
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1096
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:1097
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-0650
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2339537
secalert@redhat.comhttps://www.openwall.com/lists/oss-security/2025/01/22/5
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2025/01/22/11
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en Open Virtual Network (OVN). Los paquetes UDP manipulados en particular pueden eludir las listas de control de acceso (ACL) de salida en instalaciones OVN configuradas con un conmutador l\u00f3gico con registros DNS configurados en \u00e9l y si el mismo conmutador tiene alguna ACL de salida configurada. Este problema puede provocar acceso no autorizado a m\u00e1quinas virtuales y contenedores que se ejecutan en la red OVN."
    }
  ],
  "id": "CVE-2025-0650",
  "lastModified": "2025-02-06T09:15:11.697",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-23T17:15:22.163",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1083"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1084"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1085"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1086"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1087"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1088"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1089"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1090"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1091"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1092"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1093"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1094"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1095"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1096"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:1097"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/security/cve/CVE-2025-0650"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339537"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.openwall.com/lists/oss-security/2025/01/22/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2025/01/22/11"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.