{"id":"CVE-2025-64323","summary":"kgateway is missing xDS authorization","details":"kgateway is a Cloud-Native API and AI Gateway. In versions 2.0.4 and below, and in 2.1.0-agw-cel-rbac through 2.1.0-rc.2, the xDS port lacks authentication, allowing any client with unrestricted network access to that port to retrieve potentially sensitive configuration data, including certificate data, backend service information, routing rules, and cluster metadata. This issue is fixed in versions 2.0.5 and 2.1.0.","aliases":["GHSA-4766-x535-jw3r","GO-2025-4094"],"modified":"2026-04-10T05:34:32.390805Z","published":"2025-11-07T03:18:48.993Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64323.json","cwe_ids":["CWE-862"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64323.json"},{"type":"ADVISORY","url":"https://github.com/kgateway-dev/kgateway/security/advisories/GHSA-4766-x535-jw3r"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64323"},{"type":"REPORT","url":"https://github.com/kgateway-dev/kgateway/issues/10651"},{"type":"FIX","url":"https://github.com/kgateway-dev/kgateway/pull/12471"},{"type":"FIX","url":"https://github.com/kgateway-dev/kgateway/pull/12535"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kgateway-dev/kgateway","events":[{"introduced":"3c56adc13dbc3a6519e03aefa5a07e9c7c0923b0"},{"fixed":"3c56adc13dbc3a6519e03aefa5a07e9c7c0923b0"}],"database_specific":{"versions":[{"introduced":"2.1.0-agw-cel-rbac"},{"fixed":"2.1.0"}]}},{"type":"GIT","repo":"https://github.com/kgateway-dev/kgateway","events":[{"introduced":"0"},{"fixed":"e309e0a2687505ed8a52f478865a9d54cdaac4eb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.5"}]}}],"versions":["0.5.0","0.5.1","1.3.10","v0.10.0","v0.10.1","v0.10.2","v0.10.3","v0.10.4","v0.10.5","v0.11.0","v0.11.1","v0.11.2","v0.11.3","v0.1
2.0","v0.13.0","v0.13.1","v0.13.10","v0.13.10-patch1","v0.13.11","v0.13.12","v0.13.13","v0.13.14","v0.13.15","v0.13.16","v0.13.17","v0.13.18","v0.13.19","v0.13.2","v0.13.20","v0.13.21","v0.13.22","v0.13.23","v0.13.24","v0.13.25","v0.13.26","v0.13.27","v0.13.28","v0.13.29","v0.13.3","v0.13.30","v0.13.31","v0.13.32","v0.13.33","v0.13.34","v0.13.4","v0.13.5","v0.13.6","v0.13.7","v0.13.8","v0.13.9","v0.14.0","v0.14.1","v0.14.2","v0.14.3","v0.15.0","v0.16.0","v0.17.0","v0.17.1","v0.17.2","v0.17.3","v0.17.4","v0.17.5","v0.17.6","v0.18.0","v0.18.1","v0.18.10","v0.18.11","v0.18.12","v0.18.13","v0.18.14","v0.18.15","v0.18.16","v0.18.17","v0.18.18","v0.18.19","v0.18.2","v0.18.20","v0.18.21","v0.18.22","v0.18.23","v0.18.24","v0.18.25","v0.18.26","v0.18.27","v0.18.28","v0.18.29","v0.18.3","v0.18.30","v0.18.31","v0.18.32","v0.18.33","v0.18.34","v0.18.35","v0.18.36","v0.18.37","v0.18.38","v0.18.39","v0.18.4","v0.18.40","v0.18.41","v0.18.42","v0.18.43","v0.18.44","v0.18.5","v0.18.6","v0.18.7","v0.18.8","v0.18.9","v0.19.0","v0.19.1","v0.19.2","v0.20.0","v0.20.1","v0.20.2","v0.5.1","v0.5.10","v0.5.11","v0.5.2","v0.5.3","v0.5.4","v0.5.5","v0.5.6","v0.5.7","v0.5.8","v0.5.9","v0.6.0","v0.6.1","v0.6.10","v0.6.11","v0.6.12","v0.6.13","v0.6.14","v0.6.15","v0.6.16","v0.6.17","v0.6.18","v0.6.19","v0.6.2","v0.6.20","v0.6.21","v0.6.22","v0.6.23","v0.6.24","v0.6.3","v0.6.4","v0.6.5","v0.6.6","v0.6.7","v0.6.8","v0.6.9","v0.7.0","v0.7.1","v0.7.2","v0.7.3","v0.7.4","v0.7.5","v0.7.6","v0.7.7","v0.7.8","v0.8.0","v0.8.1","v0.8.2","v0.8.3","v0.8.4","v0.8.5","v0.8.6","v0.9.0","v1.0.0","v1.0.0-rc1","v1.0.0-rc2","v1.1.0","v1.10.0-beta1","v1.10.0-beta10","v1.10.0-beta11","v1.10.0-beta12","v1.10.0-beta13","v1.10.0-beta2","v1.10.0-beta3","v1.10.0-beta4","v1.10.0-beta5","v1.10.0-beta6","v1.10.0-beta7","v1.10.0-beta8","v1.10.0-beta9","v1.10.0-rc1","v1.10.0-rc2","v1.10.0-rc3","v1.11.0-beta1","v1.11.0-beta10","v1.11.0-beta11","v1.11.0-beta12","v1.11.0-beta13","v1.11.0-beta14","v1.11.0-beta15","v1.11.0-beta16",
"v1.11.0-beta17","v1.11.0-beta18","v1.11.0-beta19","v1.11.0-beta2","v1.11.0-beta20","v1.11.0-beta21","v1.11.0-beta22","v1.11.0-beta23","v1.11.0-beta3","v1.11.0-beta4","v1.11.0-beta5","v1.11.0-beta6","v1.11.0-beta7","v1.11.0-beta8","v1.11.0-beta9","v1.11.0-rc1","v1.11.0-rc2","v1.11.0-rc3","v1.11.0-rc4","v1.11.0-rc5","v1.11.0-rc6","v1.12.0-beta1","v1.12.0-beta10","v1.12.0-beta11","v1.12.0-beta12","v1.12.0-beta13","v1.12.0-beta14","v1.12.0-beta15","v1.12.0-beta16","v1.12.0-beta17","v1.12.0-beta18","v1.12.0-beta19","v1.12.0-beta2","v1.12.0-beta20","v1.12.0-beta21","v1.12.0-beta22","v1.12.0-beta23","v1.12.0-beta24","v1.12.0-beta25","v1.12.0-beta26","v1.12.0-beta27","v1.12.0-beta28","v1.12.0-beta29","v1.12.0-beta3","v1.12.0-beta30","v1.12.0-beta31","v1.12.0-beta4","v1.12.0-beta5","v1.12.0-beta6","v1.12.0-beta7","v1.12.0-beta8","v1.12.0-beta9","v1.12.0-rc1","v1.12.0-rc2","v1.12.0-rc3","v1.12.0-rc4","v1.12.0-rc5","v1.12.0-rc6","v1.13.0-beta1","v1.13.0-beta10","v1.13.0-beta11","v1.13.0-beta12","v1.13.0-beta13","v1.13.0-beta14","v1.13.0-beta15","v1.13.0-beta16","v1.13.0-beta17","v1.13.0-beta18","v1.13.0-beta19","v1.13.0-beta2","v1.13.0-beta20","v1.13.0-beta21","v1.13.0-beta22","v1.13.0-beta23","v1.13.0-beta24","v1.13.0-beta25","v1.13.0-beta26","v1.13.0-beta27","v1.13.0-beta3","v1.13.0-beta4","v1.13.0-beta5","v1.13.0-beta6","v1.13.0-beta7","v1.13.0-beta8","v1.13.0-beta9","v1.13.0-rc1","v1.14.0-beta1","v1.14.0-beta10","v1.14.0-beta11","v1.14.0-beta12","v1.14.0-beta13","v1.14.0-beta14","v1.14.0-beta15","v1.14.0-beta16","v1.14.0-beta17","v1.14.0-beta18","v1.14.0-beta19","v1.14.0-beta2","v1.14.0-beta3","v1.14.0-beta4","v1.14.0-beta5","v1.14.0-beta6","v1.14.0-beta7","v1.14.0-beta8","v1.14.0-beta9","v1.14.0-rc1","v1.15.0-beta1","v1.15.0-beta10","v1.15.0-beta11","v1.15.0-beta12","v1.15.0-beta13","v1.15.0-beta14","v1.15.0-beta15","v1.15.0-beta16","v1.15.0-beta17","v1.15.0-beta18","v1.15.0-beta19","v1.15.0-beta2","v1.15.0-beta20","v1.15.0-beta21","v1.15.0-beta22","v1.15.0-beta23","v1.1
5.0-beta24","v1.15.0-beta3","v1.15.0-beta4","v1.15.0-beta5","v1.15.0-beta6","v1.15.0-beta7","v1.15.0-beta8","v1.15.0-beta9","v1.15.0-rc1","v1.15.0-rc2","v1.15.0-rc3","v1.16.0-beta1","v1.16.0-beta10","v1.16.0-beta11","v1.16.0-beta12","v1.16.0-beta13","v1.16.0-beta14","v1.16.0-beta15","v1.16.0-beta16","v1.16.0-beta17","v1.16.0-beta18","v1.16.0-beta19","v1.16.0-beta2","v1.16.0-beta20","v1.16.0-beta21","v1.16.0-beta22","v1.16.0-beta23","v1.16.0-beta24","v1.16.0-beta25","v1.16.0-beta26","v1.16.0-beta27","v1.16.0-beta28","v1.16.0-beta3","v1.16.0-beta4","v1.16.0-beta5","v1.16.0-beta6","v1.16.0-beta7","v1.16.0-beta8","v1.16.0-beta9","v1.16.0-rc1","v1.17.0-beta1","v1.17.0-beta10","v1.17.0-beta11","v1.17.0-beta12","v1.17.0-beta13","v1.17.0-beta14","v1.17.0-beta15","v1.17.0-beta16","v1.17.0-beta17","v1.17.0-beta18","v1.17.0-beta19","v1.17.0-beta2","v1.17.0-beta20","v1.17.0-beta21","v1.17.0-beta22","v1.17.0-beta23","v1.17.0-beta24","v1.17.0-beta25","v1.17.0-beta26","v1.17.0-beta27","v1.17.0-beta28","v1.17.0-beta29","v1.17.0-beta3","v1.17.0-beta30","v1.17.0-beta31","v1.17.0-beta32","v1.17.0-beta33","v1.17.0-beta34","v1.17.0-beta35","v1.17.0-beta4","v1.17.0-beta5","v1.17.0-beta6","v1.17.0-beta7","v1.17.0-beta8","v1.17.0-beta9","v1.17.0-rc1","v1.17.0-rc2","v1.17.0-rc3","v1.17.0-rc4","v1.18.0-beta1","v1.18.0-beta10","v1.18.0-beta11","v1.18.0-beta12","v1.18.0-beta13","v1.18.0-beta14","v1.18.0-beta15","v1.18.0-beta16","v1.18.0-beta17","v1.18.0-beta18","v1.18.0-beta19","v1.18.0-beta2","v1.18.0-beta20","v1.18.0-beta21","v1.18.0-beta22","v1.18.0-beta23","v1.18.0-beta24","v1.18.0-beta25","v1.18.0-beta26","v1.18.0-beta27","v1.18.0-beta28","v1.18.0-beta29","v1.18.0-beta3","v1.18.0-beta30","v1.18.0-beta31","v1.18.0-beta32","v1.18.0-beta33","v1.18.0-beta34","v1.18.0-beta4","v1.18.0-beta5","v1.18.0-beta6","v1.18.0-beta7","v1.18.0-beta8","v1.18.0-beta9","v1.2.0","v1.2.1","v1.2.10","v1.2.11","v1.2.12","v1.2.13","v1.2.14","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.2.6","v1.2.7","v1.2.8","v1.2.9","v
1.3.0","v1.3.1","v1.3.10","v1.3.11","v1.3.12","v1.3.13","v1.3.14","v1.3.15","v1.3.16","v1.3.17","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.4.0-beta1","v1.4.0-beta10","v1.4.0-beta11","v1.4.0-beta12","v1.4.0-beta13","v1.4.0-beta14","v1.4.0-beta15","v1.4.0-beta16","v1.4.0-beta2","v1.4.0-beta3","v1.4.0-beta4","v1.4.0-beta5","v1.4.0-beta6","v1.4.0-beta7","v1.4.0-beta8","v1.4.0-beta9","v1.5.0","v1.5.0-beta1","v1.5.0-beta10","v1.5.0-beta11","v1.5.0-beta12","v1.5.0-beta13","v1.5.0-beta14","v1.5.0-beta15","v1.5.0-beta16","v1.5.0-beta17","v1.5.0-beta18","v1.5.0-beta19","v1.5.0-beta2","v1.5.0-beta20","v1.5.0-beta21","v1.5.0-beta22","v1.5.0-beta23","v1.5.0-beta24","v1.5.0-beta25","v1.5.0-beta26","v1.5.0-beta27","v1.5.0-beta28","v1.5.0-beta3","v1.5.0-beta4","v1.5.0-beta5","v1.5.0-beta6","v1.5.0-beta7","v1.5.0-beta8","v1.5.0-beta9","v1.6.0","v1.6.0-beta1","v1.6.0-beta10","v1.6.0-beta11","v1.6.0-beta12","v1.6.0-beta13","v1.6.0-beta14","v1.6.0-beta15","v1.6.0-beta16","v1.6.0-beta17","v1.6.0-beta18","v1.6.0-beta19","v1.6.0-beta2","v1.6.0-beta20","v1.6.0-beta21","v1.6.0-beta22","v1.6.0-beta23","v1.6.0-beta24","v1.6.0-beta25","v1.6.0-beta3","v1.6.0-beta4","v1.6.0-beta5","v1.6.0-beta6","v1.6.0-beta7","v1.6.0-beta8","v1.6.0-beta9","v1.7.0-beta1","v1.7.0-beta10","v1.7.0-beta11","v1.7.0-beta12","v1.7.0-beta13","v1.7.0-beta14","v1.7.0-beta15","v1.7.0-beta16","v1.7.0-beta17","v1.7.0-beta18","v1.7.0-beta19","v1.7.0-beta2","v1.7.0-beta20","v1.7.0-beta21","v1.7.0-beta22","v1.7.0-beta23","v1.7.0-beta24","v1.7.0-beta25","v1.7.0-beta26","v1.7.0-beta27","v1.7.0-beta28","v1.7.0-beta29","v1.7.0-beta3","v1.7.0-beta30","v1.7.0-beta31","v1.7.0-beta32","v1.7.0-beta4","v1.7.0-beta5","v1.7.0-beta6","v1.7.0-beta7","v1.7.0-beta8","v1.7.0-beta9","v1.7.0-rc1","v1.7.0-rc2","v1.8.0-beta1","v1.8.0-beta10","v1.8.0-beta11","v1.8.0-beta12","v1.8.0-beta13","v1.8.0-beta14","v1.8.0-beta15","v1.8.0-beta16","v1.8.0-beta17","v1.8.0-beta18","v1.8.0-beta19","v1.8.0-beta2","v1.8.0-b
eta20","v1.8.0-beta21","v1.8.0-beta22","v1.8.0-beta3","v1.8.0-beta4","v1.8.0-beta5","v1.8.0-beta6","v1.8.0-beta7","v1.8.0-beta8","v1.8.0-beta9","v1.9.0-beta1","v1.9.0-beta10","v1.9.0-beta11","v1.9.0-beta12","v1.9.0-beta13","v1.9.0-beta14","v1.9.0-beta15","v1.9.0-beta16","v1.9.0-beta17","v1.9.0-beta18","v1.9.0-beta19","v1.9.0-beta2","v1.9.0-beta20","v1.9.0-beta21","v1.9.0-beta3","v1.9.0-beta4","v1.9.0-beta5","v1.9.0-beta6","v1.9.0-beta7","v1.9.0-beta8","v1.9.0-beta9","v1.9.0-rc1","v1.9.0-rc2","v1.9.0-rc3","v2.0.0-beta1","v2.0.0-beta2","v2.0.0-beta3","v2.0.0-rc.1","v2.0.0-rc.2","v2.0.0-rc.3","v2.0.2","v2.0.3","v2.0.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64323.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}