CVE-2025-32793
Cilium packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters
Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue.
How to fix CVE-2025-32793
To remediate CVE-2025-32793, upgrade the affected package to a fixed version below.
- —upgrade to 1.17.3 or later
- —upgrade to 1.17.3 or later
- —upgrade to 1.17.3 or later
- —upgrade to 1.15.16 or later
- —upgrade to 1.15.16 or later
Is CVE-2025-32793 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (5)
- >= 1.13.0, < 1.17.3
- >= 1.13.0, < 1.17.3
- >= 1.13.0, < 1.17.3
- >= 1.13.0, < 1.15.16
- >= 1.13.0, < 1.15.16, >= 1.16.0, < 1.16.9, >= 1.17.0, < 1.17.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N |