CVE-2025-0650

EPSS 0.7%
Published 23.01.2025 17:15:22
Last modified 06.02.2025 09:15:11
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

Affected products Warnungen 0 Metrics 2 CWE 1 References 22

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/ovn-org/ovn

≫

Package ovn

Default Statusunknown

Version 22.03.8

Status unaffected

Version 24.03.5

Status unaffected

Version 24.09.2

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:22.03.7-11.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:22.06.0-273.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:22.09.2-86.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:22.12.1-107.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:23.03.3-22.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:23.06.4-26.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:22.03.7-11.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:22.06.0-273.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:22.09.2-86.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:22.12.1-107.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:23.03.3-22.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:23.06.4-26.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:23.09.6-12.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:24.03.4-53.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:24.09.1-66.el9fdp

Status unaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4

Default Statusunknown

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4

Default Statusunknown

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4

Default Statusunknown

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4

Default Statusunknown

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4

Default Statusaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4

Default Statusunaffected

VendorRed Hat

≫

Product Red Hat OpenShift Container Platform 4

Default Statusunaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.7%	0.711

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://access.redhat.com/errata/RHSA-2025:1083

https://access.redhat.com/errata/RHSA-2025:1084

https://access.redhat.com/errata/RHSA-2025:1085

https://access.redhat.com/errata/RHSA-2025:1086

https://access.redhat.com/errata/RHSA-2025:1087

https://access.redhat.com/errata/RHSA-2025:1088

https://access.redhat.com/errata/RHSA-2025:1089

https://access.redhat.com/errata/RHSA-2025:1090

https://access.redhat.com/errata/RHSA-2025:1091

https://access.redhat.com/errata/RHSA-2025:1092

https://access.redhat.com/errata/RHSA-2025:1093

https://access.redhat.com/errata/RHSA-2025:1094

https://access.redhat.com/errata/RHSA-2025:1095

https://access.redhat.com/errata/RHSA-2025:1096

https://access.redhat.com/errata/RHSA-2025:1097

https://access.redhat.com/security/cve/CVE-2025-0650

https://bugzilla.redhat.com/show_bug.cgi?id=2339537

https://www.openwall.com/lists/oss-security/2025/01/22/5

http://www.openwall.com/lists/oss-security/2025/01/22/11

https://nvd.nist.gov/vuln/detail/CVE-2025-0650

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0650

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0650

EUVD