Home

Description

Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.

PUBLISHED Reserved 2025-10-23 | Published 2025-10-23 | Updated 2025-10-23 | Assigner mitre




MEDIUM: 4.9CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L

Problem types

CWE-420 Unprotected Alternate Channel

Product status

Default status
unaffected

Any version before 1.9.7
affected

References

github.com/slackhq/nebula/pull/1493

github.com/slackhq/nebula/pull/1494

cve.org (CVE-2025-62820)

nvd.nist.gov (CVE-2025-62820)

Download JSON