Improper Traffic Filtering

github.com/containernetworking/plugins is vulnerable to improper traffic filtering. The vulnerability is due to incorrect handling of destination IP when using the nftables backend, which allows an attacker to intercept unintended traffic destined for the same host port across containers...

Linux Distros Unpatched Vulnerability : CVE-2025-67499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently...

CVE-2025-67499

The CVE-2025-67499 issue affects the CNI portmap plugin (versions 1.6.0–1.8.0) when configured with the nftables backend: it forwards all traffic sharing the host port, ignoring the destination IP, enabling containers requesting HostPort forwarding to intercept traffic not intended for the node. ...

GHSA-JV3W-X3R3-G6RM CNA Plugins Portmap nftables backend can intercept non-local traffic

Background The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. For example, if a host has the IP 198.51.100.42, a container may request that all packets to 198.51.100.42:53 be forwarded to the container's network. Vulnerability When t...

PT-2025-50280

Name of the Vulnerable Software and Affected Versions CNI portmap plugin versions 1.6.0 through 1.8.0 Description The CNI portmap plugin flaw allows containers to intercept traffic not intended for the node. This occurs when the plugin is configured with the nftables backend, inadvertently...

Securing Containers in The AWS Cloud with Trend Micro

Rapid adoption of containers is changing the way that businesses build their applications. Services like Amazon ECS, Amazon EKS, and AWS Fargate let builders focus on solving business problems instead of managing infrastructure. But the move to containers also requires a shift in how you approach...