What is the CVSS score of CVE-2025-64715?

CVE-2025-64715 has a CVSS 3.1 base score of 4.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Cilium are affected by CVE-2025-64715?

Organizations using Cilium should be aware of moderate risk from CVE-2025-64715, a improper access control vulnerability rated CVSS 4.0.. A patch is available.

How to fix or mitigate CVE-2025-64715?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Cilium CVE-2025-64715

MEDIUM

Improper Access Control (CWE-284)

2025-11-29 security-advisories@github.com

Authentication Bypass Cilium Suse

4.0

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

4.0 MEDIUM

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SUSE

5.5 MEDIUM

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:24 vuln.today

Patch released

Mar 28, 2026 - 19:24 nvd

Patch available

CVE Published

Nov 29, 2025 - 01:16 nvd

MEDIUM 4.0

DescriptionGitHub Advisory

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset section of the derived policy is not generated, which means outbound traffic may be permitted to more destinations than originally intended. This issue has been patched in versions 1.16.17, 1.17.10, and 1.18.4. There are no workarounds for this issue.

AnalysisAI

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-284. Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset section of the derived policy is not generated, which means outbound traffic may be permitted to more destinations than originally intended. This issue has been patched in versions 1.16.17, 1.17.10, and 1.18.4. There are no workarounds for this issue. Affected products include: Cilium.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Vendor StatusVendor

SUSE

Severity: Medium

CVE-2025-64715 vulnerability details – vuln.today

Back

Cilium CVE-2025-64715

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code