CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-23019: IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.

5.4 CVSS

Description

IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.

Classification

CVE ID: CVE-2025-23019

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

Affected Products

Vendor: IETF

Product: IPv6

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 29.97% (scored less or equal to compared to others)

EPSS Date: 2025-02-12 (when was this score calculated)

References

https://datatracker.ietf.org/doc/html/rfc4213
https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf
https://www.top10vpn.com/research/tunneling-protocol-vulnerability/

Timeline