- Description
- IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.7
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
- Severity
- MEDIUM
- cve@mitre.org
- CWE-940
- nvd@nist.gov
- NVD-CWE-Other
- Hype score
- Not currently trending
ICYMI—the SEI's CERT Division released a vulnerability note: insecure implementation of tunneling protocols (GRE/IPIP/4in6/6in4). (CVE-2020-10136, CVE-2024-7595, CVE-2024-7596, CVE-2025-23018, and CVE-2025-23019) https://t.co/yKpfXOEaVX https://t.co/onq3OwwNde
@SEI_CMU
22 Jan 2025
151 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23019 IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface. https://t.co/j7wmH2uCcu
@CVEnew
19 Jan 2025
373 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23019 Exposed IPv6-in-IPv4 Tunneling Enables Traffic Spoofing https://t.co/7UJvxBkNo3
@VulmonFeeds
15 Jan 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ietf:ipv6:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9143AE03-F25A-4C4A-9037-DFBC9B4F5FB8"
}
],
"operator": "OR"
}
]
}
]