CVE-2024-25630
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Feb 20, 2024
Updated: Dec 18, 2024
CWE ID 311
CWE ID 319
Summary
CVE-2024-25630 is a vulnerability affecting Cilium, a networking, observability, and security solution that uses an eBPF-based dataplane. Due to a configuration issue, for Cilium users who rely on CRDs for state storage together with WireGuard transparent encryption, traffic to and from Ingress and health endpoints is not encrypted. This vulnerability, which can expose sensitive data, impacts Cilium versions 1.14 up to and including 1.14.6. The issue is patched in Cilium version 1.14.7; there is currently no workaround for affected users.
Affected Products
- Cilium