#VU103659 Security features bypass in Open Virtual Network - CVE-2025-0650
Vulnerability identifier: #VU103659
Vulnerability risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-254
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Open Virtual Network
Server applications /
Other server solutions
Vendor: Open Virtual Network
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper handling of UDP packets. A remote attacker can send specially crafted UDP packets that bypass egress access control lists (ACLs) in OVN installations and gain unauthorized access to virtual machines and containers running on the OVN network.
Successful exploitation of the vulnerability requires that ACLs on OVN installations are configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Open Virtual Network: 22.03.0 - 22.03.7, 22.06.0 - 22.06.1, 22.09.0 - 22.09.3, 22.12.0 - 22.12.2, 23.03.0 - 23.03.3, 23.06.0 - 23.06.5, 23.09.0 - 23.09.6, 24.03.0 - 24.03.4, 24.09.0 - 24.09.1
External links
https://www.openwall.com/lists/oss-security/2025/01/22/11
https://bugzilla.redhat.com/show_bug.cgi?id=2339537
https://www.openwall.com/lists/oss-security/2025/01/22/5
https://github.com/ovn-org/ovn/commit/f22a1ba9c127795bebcfbd41d772bb071f893a6d
https://github.com/ovn-org/ovn/commit/70618a65fd49f1d1d5498927c0bed63e296dafb7
https://github.com/ovn-org/ovn/commit/249c52ad011cacb4c182dc64e88977ac7c61f668
https://mail.openvswitch.org/pipermail/ovs-dev/2025-January/419993.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
