What is the CVSS score of CVE-2025-32793?

CVE-2025-32793 has a CVSS 3.1 base score of 4.0 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Cilium are affected by CVE-2025-32793?

Organizations using Cilium should be aware of moderate risk from CVE-2025-32793 rated CVSS 4.0. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-32793?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Cilium CVE-2025-32793

MEDIUM

Cleartext Transmission of Sensitive Information (CWE-319)

2025-04-21 security-advisories@github.com

Information Disclosure Cilium Suse

4.0

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

4.0 MEDIUM

AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

SUSE

3.1 LOW

AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:38 vuln.today

Patch released

Mar 28, 2026 - 18:38 nvd

Patch available

CVE Published

Apr 21, 2025 - 16:15 nvd

MEDIUM 4.0

DescriptionGitHub Advisory

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue.

AnalysisAI

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.

Technical ContextAI

This vulnerability is classified under CWE-319. Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue. Affected products include: Cilium.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Vendor StatusVendor

SUSE

Severity: Low

Product	Status
Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/base-os-container:latest Container suse/sl-micro/6.0/kvm-os-container:latest Container suse/sl-micro/6.0/rt-os-container:latest Container suse/sl-micro/6.0/toolbox:latest Image SL-Micro Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE	Affected
SUSE Linux Enterprise Server 16.0	Fixed
openSUSE Tumbleweed	Fixed

CVE-2025-32793 vulnerability details – vuln.today

Back

Cilium CVE-2025-32793

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code