CVE-2025-48056 (GCVE-0-2025-48056)

Vulnerability from cvelistv5 – Published: 2025-05-20 19:55 – Updated: 2025-05-20 20:15
VLAI?
Summary
Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack. The issue is patched in Hubble CLI v1.17.2. Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE
  • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
Vendor Product Version
cilium hubble Affected: < 1.17.2
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T20:09:58.060408Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T20:15:17.170Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hubble",
          "vendor": "cilium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.17.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack. The issue is patched in Hubble CLI v1.17.2. Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T19:55:58.193Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/cilium/hubble/security/advisories/GHSA-274q-79q9-52j7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cilium/hubble/security/advisories/GHSA-274q-79q9-52j7"
        },
        {
          "name": "https://github.com/cilium/cilium/pull/37401",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cilium/cilium/pull/37401"
        }
      ],
      "source": {
        "advisory": "GHSA-274q-79q9-52j7",
        "discovery": "UNKNOWN"
      },
      "title": "Hubble CLI vulnerable to character injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48056",
    "datePublished": "2025-05-20T19:55:58.193Z",
    "dateReserved": "2025-05-15T16:06:40.940Z",
    "dateUpdated": "2025-05-20T20:15:17.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-48056\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-05-20T20:15:42.790\",\"lastModified\":\"2025-05-21T20:24:58.133\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack. The issue is patched in Hubble CLI v1.17.2. Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.\"},{\"lang\":\"es\",\"value\":\"Hubble es una plataforma de observabilidad de seguridad y redes totalmente distribuida para cargas de trabajo nativas de la nube. Antes de la versi\u00f3n 1.17.2, un atacante de red pod\u00eda inyectar caracteres de control maliciosos en la salida del terminal Hubble CLI, lo que podr\u00eda provocar la p\u00e9rdida de integridad y la manipulaci\u00f3n de la salida. Esto podr\u00eda aprovecharse para ocultar entradas de registro, reescribir la salida o incluso inutilizar temporalmente el terminal. Para explotar este ataque, la v\u00edctima deber\u00eda estar monitorizando el tr\u00e1fico de Kafka mediante la visibilidad del protocolo de capa 7 en el momento del ataque. El problema est\u00e1 corregido en la versi\u00f3n 1.17.2 de Hubble CLI. Los usuarios de Hubble CLI que no puedan actualizar pueden dirigir sus flujos de Hubble a un archivo de registro e inspeccionar la salida en un editor de texto.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"references\":[{\"url\":\"https://github.com/cilium/cilium/pull/37401\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/cilium/hubble/security/advisories/GHSA-274q-79q9-52j7\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48056\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-20T20:09:58.060408Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-20T20:10:06.890Z\"}}], \"cna\": {\"title\": \"Hubble CLI vulnerable to character injection\", \"source\": {\"advisory\": \"GHSA-274q-79q9-52j7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"cilium\", \"product\": \"hubble\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.17.2\"}]}], \"references\": [{\"url\": \"https://github.com/cilium/hubble/security/advisories/GHSA-274q-79q9-52j7\", \"name\": \"https://github.com/cilium/hubble/security/advisories/GHSA-274q-79q9-52j7\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/cilium/cilium/pull/37401\", \"name\": \"https://github.com/cilium/cilium/pull/37401\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack. The issue is patched in Hubble CLI v1.17.2. Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-74\", \"description\": \"CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-05-20T19:55:58.193Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-48056\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-20T20:15:17.170Z\", \"dateReserved\": \"2025-05-15T16:06:40.940Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-05-20T19:55:58.193Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.