How severe is CVE-2025-30163?

This vulnerability has a severity rating of LOW with a CVSS score of 3.4 out of 10.

What type of vulnerability is CVE-2025-30163?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-30163 - LOW Severity | CVSS 3.4

Vulnerability Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node endpoints that share the labels specified in `fromNodes` and `toNodes` sections of network policies. Node based network policy is disabled by default in Cilium. This issue affects: Cilium v1.16 between v1.16.0 and v1.16.7 inclusive and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.16.8 and v1.17.2. Users can work around this issue by ensuring that the labels used in `fromNodes` and `toNodes` fields are used exclusively by nodes and not by other endpoints.

Related Vulnerabilities

CVE-2020-35501

LOW

CVSS:3.4(Low)

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem

CWE-8632020

CVE-2024-54010

LOW

CVSS:3.4(Low)

A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the...

CWE-8632024

CVE-2018-10910

LOW

CVSS:3.3(Low)

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bl...

CWE-8632018

CVE-2018-7957

LOW

CVSS:3.3(Low)

Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an applica...

CWE-8632018

CVE-2019-9364

LOW

CVSS:3.3(Low)

In AudioService, there is a possible trigger of background user audio due to a permissions bypass. This could lead to local information disclosure by playing the background user's audio with no additi...

CWE-8632019

CVE-2020-0481

LOW

CVSS:3.3(Low)

In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, wi...

CWE-8632020