Incorrect Authorization Affecting cilium-1.16-operator-generic package, versions <1.16.17-r0


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.21% (12th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-MINIMOSLATEST-CILIUM116OPERATORGENERIC-14092272
  • published22 Nov 2025
  • disclosed24 Mar 2025

Introduced: 24 Mar 2025

CVE-2025-30162  (opens in a new tab)
CWE-863  (opens in a new tab)

How to fix?

Upgrade Minimos:latest cilium-1.16-operator-generic to version 1.16.17-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream cilium-1.16-operator-generic package and not the cilium-1.16-operator-generic package as distributed by Minimos. See How to fix? for Minimos:latest relevant fixed versions and status.

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces, egress traffic from workloads covered by such network policies to LoadBalancers configured by Gateway resources will incorrectly be allowed. LoadBalancer resources not deployed via a Gateway API configuration are not affected by this issue. This issue affects: Cilium v1.15 between v1.15.0 and v1.15.14 inclusive, v1.16 between v1.16.0 and v1.16.7 inclusive, and v1.17 between v1.17.0 and v1.17.1 inclusive. This issue is fixed in Cilium v1.15.15, v1.16.8, and v1.17.2. A Clusterwide Cilium Network Policy can be used to work around this issue for users who are unable to upgrade.

CVSS Base Scores

version 3.1