CVE-2025-67499

LOW EPSS 1.9%
Published Dec 10, 20256mo ago · Modified Jun 17, 20262w ago
3.6 CVSS 3.1
Low
Find Similar
Published Dec 10, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus ignoring the destination IP. This includes traffic not intended for the node itself, i.e. traffic to containers hosted on the node. Containers that request HostPort forwarding can intercept all traffic destined for that port. This requires that the portmap plugin be explicitly configured to use the nftables backend. This issue is fixed in version 1.9.0. To workaround, configure the portmap plugin to use the iptables backend. It does not have this vulnerability.

CVSS Details

Base Score
3.6
Exploitability
1.0
Impact
2.5
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
1.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 1

VendorProductVersionRange
linuxfoundationcni_network_plugins*≥1.6.0  –  <1.9.0

References 3

  • github.com https://github.com/containernetworking/plugins/pull/1210
    Issue TrackingPatch
  • github.com https://github.com/containernetworking/plugins/releases/tag/v1.9.0
    ProductRelease Notes
  • github.com https://github.com/containernetworking/plugins/security/advisories/GHSA-jv3w-x3r3-g6rm
    Vendor Advisory

Remediation

  • github.com https://github.com/containernetworking/plugins/pull/1210
    Issue TrackingPatch