CVE-2025-0650
Ovn: egress acls may be bypassed via specially crafted udp packet
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
| CWE | CWE-284 |
| Published | Jan 23, 2025 |
| Last Updated | Nov 20, 2025 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new high vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1083 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1084 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1085 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1086 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1087 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1088 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1089 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1090 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1091 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1092 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1093 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1094 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1095 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1096 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1097 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-0650 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2339537 openwall.com: https://www.openwall.com/lists/oss-security/2025/01/22/5 openwall.com: http://www.openwall.com/lists/oss-security/2025/01/22/11