How severe is CVE-2025-30162?

This vulnerability has a severity rating of LOW with a CVSS score of 3.2 out of 10.

What type of vulnerability is CVE-2025-30162?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-30162 - LOW Severity | CVSS 3.2

Vulnerability Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces, egress traffic from workloads covered by such network policies to LoadBalancers configured by `Gateway` resources will incorrectly be allowed. LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue. This issue affects: Cilium v1.15 between v1.15.0 and v1.15.14 inclusive, v1.16 between v1.16.0 and v1.16.7 inclusive, and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.15.15, v1.16.8, and v1.17.2. A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade.

Related Vulnerabilities

CVE-2018-10910

LOW

CVSS:3.3(Low)

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bl...

CWE-8632018

CVE-2018-7957

LOW

CVSS:3.3(Low)

Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an applica...

CWE-8632018

CVE-2019-9364

LOW

CVSS:3.3(Low)

In AudioService, there is a possible trigger of background user audio due to a permissions bypass. This could lead to local information disclosure by playing the background user's audio with no additi...

CWE-8632019

CVE-2020-0481

LOW

CVSS:3.3(Low)

In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, wi...

CWE-8632020

CVE-2022-20558

LOW

CVSS:3.3(Low)

In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additi...

CWE-8632022

CVE-2022-33718

LOW

CVSS:3.3(Low)

An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.

CWE-8632022