Description

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster metadata. This issue is solved in versions 2.0.5 and 2.1.0.

INFO

Published Date :

2025-11-07T03:18:48.993Z

Last Modified :

2025-11-07T17:50:53.540Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64323 vulnerability.

Vendors Products
Kgateway
  • Kgateway
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64323.

URL Resource
https://github.com/kgateway-dev/kgateway/issues/10651 cve-icon cve-icon
https://github.com/kgateway-dev/kgateway/pull/12471 cve-icon cve-icon
https://github.com/kgateway-dev/kgateway/pull/12535 cve-icon cve-icon
https://github.com/kgateway-dev/kgateway/security/advisories/GHSA-4766-x535-jw3r cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact