← back
CVE-2025-23019

CVE-2025-23019

CVSS 5.4 MEDIUMEPSS 0.9%CWE-940
In short

A flaw in IPv6-in-IPv4 tunneling allows attackers to forge network traffic and redirect it through an unprotected network connection. This can lead to unauthorized access or data interception.

Technical detail

The vulnerability exploits improper validation in RFC 4213 IPv6-in-IPv4 tunnel implementations, permitting traffic spoofing and rerouting via exposed interfaces. An attacker on the network segment can craft malicious tunnel packets to bypass routing controls and intercept or redirect traffic, impacting confidentiality and integrity.

Summary generated and translated by AI from the official description.
IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Affected products
IETF · IPv6

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://datatracker.ietf.org/doc/html/rfc4213https://papers.mathyvanhoef.com/usenix2025-tunnels.pdfhttps://www.kb.cert.org/vuls/id/199397https://www.top10vpn.com/research/tunneling-protocol-vulnerability/