logo

Database

Enabled default configuration In github.com/containernetworking/plugins

Description

A flaw was found in the CNI (Container Network Interface) portmap plugin. This vulnerability allows containers to intercept all traffic destined for a host port via inadvertent forwarding of traffic with the same destination port when the plugin is configured with the nftables backend, ignoring the destination IP.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-674992. NVD-2025-674993. OSV-2025-674994. GHSA-jv3w-x3r3-g6rm5. GCVE-2025-67499

References

1. https://github.com/containernetworking/plugins/security/advisories/GHSA-jv3w-x3r3-g6rm2. https://github.com/containernetworking/plugins/pull/12103. https://github.com/containernetworking/plugins/commit/9b3772e1a7abf93cbb7c6526a28bc0d27b830e024. https://github.com/containernetworking/plugins/releases/tag/v1.9.05. https://pkg.go.dev/vuln/GO-2026-4222

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.