CVE-2025-23018

CVSS 5.4 MEDIUMEPSS 1.0%CWE-940

In short

IPv4 and IPv6 tunneling protocols don't verify where network packets actually come from, allowing attackers to fake the origin and redirect traffic through exposed network connections. This matters because it can be used to bypass security controls and reach systems that shouldn't be accessible.

Technical detail

RFC 2473 IPv4-in-IPv6 and IPv6-in-IPv6 tunneling implementations lack source packet validation, enabling IP spoofing attacks. An attacker with network access to an exposed tunneling interface can inject crafted packets with forged source addresses and route arbitrary traffic to unintended destinations, potentially bypassing firewall rules and network segmentation controls.

Summary generated and translated by AI from the official description.

IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected products

IETF · IPv6

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://datatracker.ietf.org/doc/html/rfc2473 https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf https://www.kb.cert.org/vuls/id/199397 https://www.top10vpn.com/research/tunneling-protocol-vulnerability/