x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2025-32793

[GoVulnBot]

Advisory CVE-2025-32793 references a vulnerability in the following Go modules:

Module
github.com/cilium/cilium

Description:
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. This issue has been patched in versions 1.15.16, 1.16.9, and 1.17.3. There are no workarounds available for this issue.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-32793
• FIX: bpf: wireguard: avoid ipcache lookup for source's security identity cilium/cilium#38592
• WEB: GHSA-5vxx-c285-pcq4

Cross references:

• github.com/cilium/cilium appears in 31 other report(s):
  • data/excluded/GO-2022-0530.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-wc5v-r48v-g4vh #530) NOT_GO_CODE
  • data/excluded/GO-2023-1642.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4hc4-pgfx-3mrx #1642) NOT_GO_CODE
  • data/reports/GO-2022-0393.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-c66w-hq56-4q97 #393)
  • data/reports/GO-2022-0457.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29178 #457)
  • data/reports/GO-2022-0458.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2022-29179 #458)
  • data/reports/GO-2022-0959.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pfhr-pccp-hwmh #959)
  • data/reports/GO-2023-1643.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-8fg8-jh2h-f2hc #1643)
  • data/reports/GO-2023-1644.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-r5x6-w42p-jhpp #1644)
  • data/reports/GO-2023-1730.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-29002 #1730)
  • data/reports/GO-2023-1785.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-2h44-x2wx-49f4 #1785)
  • data/reports/GO-2023-1862.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2023-34242 #1862)
  • data/reports/GO-2023-2078.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-gj2r-phwg-6rww #2078)
  • data/reports/GO-2023-2079.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-24m5-r6hv-ccgp #2079)
  • data/reports/GO-2023-2080.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-4xp2-w642-7mcx #2080)
  • data/reports/GO-2024-2568.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-25630 #2568)
  • data/reports/GO-2024-2569.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-25631 #2569)
  • data/reports/GO-2024-2653.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-68mj-9pjq-mc85 #2653)
  • data/reports/GO-2024-2656.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-j89h-qrvr-xc36 #2656)
  • data/reports/GO-2024-2657.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-v6q2-4qr3-5cw6 #2657)
  • data/reports/GO-2024-2666.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-pwqm-x5x6-5586 #2666)
  • data/reports/GO-2024-2922.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-37307 #2922)
  • data/reports/GO-2024-3071.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-42487 #3071)
  • data/reports/GO-2024-3072.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-42488 #3072)
  • data/reports/GO-2024-3074.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-42486 #3074)
  • data/reports/GO-2024-3208.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-3wwx-63fv-pfq6 #3208)
  • data/reports/GO-2024-3290.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2024-52529 #3290)
  • data/reports/GO-2025-3415.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-9m5p-c77c-f9j7 #3415)
  • data/reports/GO-2025-3416.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: GHSA-h78m-j95m-5356 #3416)
  • data/reports/GO-2025-3560.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2025-30162 #3560)
  • data/reports/GO-2025-3561.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2025-30163 #3561)
  • data/reports/GO-2025-3561.yaml (x/vulndb: potential Go vuln in github.com/cilium/cilium: CVE-2025-30163 #3561)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/cilium/cilium
      vulnerable_at: 1.17.3
summary: CVE-2025-32793 in github.com/cilium/cilium
cves:
    - CVE-2025-32793
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-32793
    - fix: https://github.com/cilium/cilium/pull/38592
    - web: https://github.com/cilium/cilium/security/advisories/GHSA-5vxx-c285-pcq4
source:
    id: CVE-2025-32793
    created: 2025-04-21T17:01:28.060100382Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/667315 mentions this issue: data/reports: add 7 reports