Omni Wireguard SideroLink potential escape

Overview Omni and each Talos machine establish a peer-to-peer P2P SideroLink connection using WireGuard to mutually authenticate and authorize access. In this setup, Omni assigns a random IPv6 address to each Talos machine from a /64 network block. Omni itself uses the fixed ::1 address within th...

PT-2025-39337

Name of the Vulnerable Software and Affected Versions Omni versions prior to 0.48.0 Description Omni, a Kubernetes management platform, has a potential issue where the Wireguard SideroLink component could be exploited to allow unauthorized packet transmission. The system establishes a peer-to-pee...

CVE-2025-59054

dstack is a software development kit SDK to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions of dstack prior to 0.5.4, a malicious host may provide a crafted LUKS2 data volume to a dstack CVM for use as the /data mount. The guest will open t...

dstack 安全漏洞

dstack is a TEE deployment tool from the Dstack TEE open source. A security vulnerability exists in versions prior to dstack 0.5.4, which stems from the possibility that a malicious host could provide specially crafted LUKS2 data volumes, leading to the disclosure of Wireguard keys and other secr...

Linux Distros Unpatched Vulnerability : CVE-2021-46873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a...

Linux Distros Unpatched Vulnerability : CVE-2023-35838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP...

Linux Distros Unpatched Vulnerability : CVE-2024-42247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the...

CVE-2024-25631

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and...

CVE-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state the default configuration and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

CVE-2024-28250

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, In Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies Wireguard-eligible traffic that is sent between a node's...

CVE-2023-46683

A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated...

CVE-2023-35838

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...

CVE-2023-32078

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

CVE-2023-32079

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

CVE-2022-21132

Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.54 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.61 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder...

CVE-2021-46873

WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim's system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently...

Assessing the Latency of Network Layer Security in 5G Networks

In contrast to its predecessors, 5G supports a wide range of commercial, industrial, and critical infrastructure scenarios. One key feature of 5G, ultra-reliable low latency communication, is particularly appealing to such scenarios for its real-time capabilities. However, 5G's enhanced security,...

CVE-2025-32793

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can lea...

SUSE CVE-2025-32793

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can lea...

BIT-HUBBLE-RELAY-2025-32793 Cilium packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can lea...