First published: Tue Jan 14 2025
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IETF IPv6 | | |
CVE-2025-23018 is classified as a high-severity vulnerability due to its potential for allowing unauthorized traffic manipulation.
To mitigate CVE-2025-23018, implement strict source validation and verification for network packets during IPv4-in-IPv6 and IPv6-in-IPv6 tunneling.
CVE-2025-23018 affects implementations of IPv6 tunneling protocols, particularly those adhering to RFC 2473.
CVE-2025-23018 could lead to significant network security risks by enabling packet spoofing and potential traffic interception.
Yes, CVE-2025-23018 is similar to CVE-2020-10136, as both involve tunneling protocols lacking adequate source validation.
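The source validation named in the mitigation above can be applied at decapsulation time. The following is an added example, not code from this advisory or from any tunnel implementation: it checks the outer IPv6 source against configured tunnel peers and the inner source against the prefixes expected behind that peer. `TUNNEL_PEERS`, `INNER_PREFIXES`, the function names and all addresses are assumptions built from documentation ranges.

```python
import ipaddress
import struct

PROTO_IPV4, PROTO_IPV6 = 4, 41  # outer Next Header values for the two tunnel types

# Assumed local policy, built from documentation address ranges (constructed values).
TUNNEL_PEERS = {ipaddress.ip_address("2001:db8:1::1")}
INNER_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                  ipaddress.ip_network("2001:db8:a::/48")]

def check_decap(packet: bytes) -> str:
    """Verdict for one received packet: 'accept', 'not-tunnel' or 'drop: <reason>'."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop: not an IPv6 packet"
    next_header, inner = packet[6], packet[40:]
    # Only a tunnel payload directly after the fixed header is handled;
    # extension-header chains are not walked here.
    if next_header not in (PROTO_IPV4, PROTO_IPV6):
        return "not-tunnel"
    if ipaddress.ip_address(packet[8:24]) not in TUNNEL_PEERS:
        return "drop: outer source is not a configured tunnel peer"
    if next_header == PROTO_IPV4:
        if len(inner) < 20 or inner[0] >> 4 != 4:
            return "drop: malformed inner IPv4 header"
        inner_src = ipaddress.ip_address(inner[12:16])
    else:
        if len(inner) < 40 or inner[0] >> 4 != 6:
            return "drop: malformed inner IPv6 header"
        inner_src = ipaddress.ip_address(inner[8:24])
    if not any(inner_src in net for net in INNER_PREFIXES):
        return "drop: inner source outside the prefixes expected from this peer"
    return "accept"

def ipv6_header(src: str, dst: str, next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet for the samples below."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + payload

def ipv4_header(src: str, dst: str) -> bytes:
    """Build a constructed 20-byte IPv4 header (no payload, checksum left at 0)."""
    fixed = struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 17, 0)
    return fixed + ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed

if __name__ == "__main__":
    inner = ipv4_header("192.0.2.10", "198.51.100.5")
    for outer_src in ("2001:db8:1::1", "2001:db8:ffff::9"):  # peer, then unknown sender
        print(outer_src, "->", check_decap(ipv6_header(outer_src, "2001:db8:2::1", PROTO_IPV4, inner)))
```

A peer allowlist filters on an address that can itself be forged, so it is a filter rather than authentication of the tunnel entry point.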