Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-yq4m-r3wn-mken

Summary Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset section of the derived policy is not generated, which means outbound traffic may be permitted to more destinations than originally intended. This issue has been patched in versions 1.16.17, 1.17.10, and 1.18.4. There are no workarounds for this issue.

Aliases

alias	CVE-2025-64715

alias	GHSA-38pp-6gcp-rqvm

Fixed_packages

url	pkg:golang/Ciliumgithub.com/cilium/cilium@1.17.10
purl	pkg:golang/Ciliumgithub.com/cilium/cilium@1.17.10
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/Ciliumgithub.com/cilium/cilium@1.17.10

url	pkg:golang/github.com/cilium/cilium@1.16.17
purl	pkg:golang/github.com/cilium/cilium@1.16.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.16.17

url	pkg:golang/github.com/cilium/cilium@1.18.4
purl	pkg:golang/github.com/cilium/cilium@1.18.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cilium/cilium@1.18.4

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64715

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00639
published_at	2026-06-14T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00636
published_at	2026-06-13T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00635
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64715

reference_url

https://github.com/cilium/cilium

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cilium/cilium

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64715

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64715

reference_url

https://github.com/cilium/cilium/commit/a385856b59c8289cc7273fa3a3062bbf0ef96c97

reference_id

a385856b59c8289cc7273fa3a3062bbf0ef96c97

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:48:58Z/

url

https://github.com/cilium/cilium/commit/a385856b59c8289cc7273fa3a3062bbf0ef96c97

reference_url

https://github.com/cilium/cilium/security/advisories/GHSA-38pp-6gcp-rqvm

reference_id

GHSA-38pp-6gcp-rqvm

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:48:58Z/

url

https://github.com/cilium/cilium/security/advisories/GHSA-38pp-6gcp-rqvm

reference_url

https://github.com/cilium/cilium/releases/tag/v1.16.17

reference_id

v1.16.17

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:48:58Z/

url

https://github.com/cilium/cilium/releases/tag/v1.16.17

reference_url

https://github.com/cilium/cilium/releases/tag/v1.17.10

reference_id

v1.17.10

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:48:58Z/

url

https://github.com/cilium/cilium/releases/tag/v1.17.10

reference_url

https://github.com/cilium/cilium/releases/tag/v1.18.4

reference_id

v1.18.4

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:48:58Z/

url

https://github.com/cilium/cilium/releases/tag/v1.18.4

Weaknesses

cwe_id	284
name	Improper Access Control
description	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yq4m-r3wn-mken

Vulnerability Instance