CVE-2025-0650 HIGH

CVE-2025-0650: OVN: egress ACLs may be bypassed via specially crafted UDP packet

Vendor: Red Hat
Product: Red Hat OpenShift Container Platform 4
Weakness: CWE-284
Published: January 23, 2025
Last update: November 20, 2025

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations where a logical switch has DNS records set on it and the same switch also has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

Key dates

02 Disclosure timeline

January 23, 2025: CVE published
November 20, 2025: Record updated