15 matches found
Improper Input Validation
github.com/siderolabs/omni is vulnerable to improper input validation. The vulnerability is due to the lack of validation on the destination address in the WireGuard SideroLink interface configuration, which allows an attacker with access to a malicious workload to send arbitrary packets over...
SUSE CVE-2025-59824
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. The...
GO-2025-3979 Omni Wireguard SideroLink potential escape in github.com/siderolabs/omni
Omni Wireguard SideroLink potential escape in github.com/siderolabs/omni...
EUVD-2025-31044
Malicious code in bioql PyPI...
CVE-2025-59824
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. The...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the SideroLink connection. An attacker can send arbitrary packets over the interface by exploiting the lack of validation on the packet's destination address. Workaround: Users who are not able to upgrade to t...
CVE-2025-59824
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. The...
CVE-2025-59824
The CVE CVE-2025-59824 affects Omni’s WireGuard-based SideroLink used to connect Omni to Talos machines. The issue: the WireGuard interface validates that the source IP matches the Talos peer IPv6 address but does not validate the destination address, meaning a malicious workload on the same Kube...
CVE-2025-59824 Omni Wireguard SideroLink potential escape
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. The...
CVE-2025-59824 Omni Wireguard SideroLink potential escape
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. The...
CVE-2025-59824 Omni Wireguard SideroLink potential escape
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. The...
GHSA-HQRF-67PM-WGFQ Omni Wireguard SideroLink potential escape
Overview: Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. In this setup, Omni assigns a random IPv6 address to each Talos machine from a /64 network block. Omni itself uses the fixed ::1 address within th...
Omni Wireguard SideroLink potential escape
Overview: Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. In this setup, Omni assigns a random IPv6 address to each Talos machine from a /64 network block. Omni itself uses the fixed ::1 address within th...
PT-2025-39337
Name of the Vulnerable Software and Affected Versions: Omni versions prior to 0.48.0. Description: Omni, a Kubernetes management platform, has a potential issue where the Wireguard SideroLink component could be exploited to allow unauthorized packet transmission. The system establishes a peer-to-pee...
omni security vulnerability
omni is a Kubernetes deployment tool open-sourced by Sidero Labs, Inc. A security vulnerability exists in Omni versions prior to 0.48.0 that stems from an unverified packet destination address, which could allow a malicious workload to send arbitrary packets through the SideroLink interface...