kgateway is missing xDS authorization_CVE-2025-64323

5.3 / 10

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster metadata. This issue is solved in versions 2.0.5 and 2.1.0.

Basic Information

ID CVE-2025-64323

Source GitHub_M

Published Nov 7, 2025 at 03:18

Affected Product

Vendor kgateway-dev

Product kgateway

Version >= 2.1.0-agw-cel-rbac, < 2.1.0

Affected Versions kgateway-dev kgateway >= 2.1.0-agw-cel-rbac, < 2.1.0
kgateway-dev kgateway < 2.0.5

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster metadata. This issue is solved in versions 2.0.5 and 2.1.0.",
    "published": "2025-11-07T03:18:48.993Z",
    "modified": "2025-11-07T03:18:48.993Z",
    "type": "cve",
    "title": "kgateway is missing xDS authorization",
    "source": "GitHub_M",
    "references": "https://github.com/kgateway-dev/kgateway/security/advisories/GHSA-4766-x535-jw3r\nhttps://github.com/kgateway-dev/kgateway/issues/10651\nhttps://github.com/kgateway-dev/kgateway/pull/12471\nhttps://github.com/kgateway-dev/kgateway/pull/12535",
    "id": "CVE-2025-64323",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "kgateway-dev kgateway >= 2.1.0-agw-cel-rbac, < 2.1.0\nkgateway-dev kgateway < 2.0.5",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "kgateway",
    "version": ">= 2.1.0-agw-cel-rbac, < 2.1.0",
    "vendor": "kgateway-dev",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}