Headline
GHSA-274q-79q9-52j7: Character injection in Hubble CLI
Impact
A network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack.
Patches
This issue affects all versions of Hubble CLI before v1.17.2. The issue is patched in Hubble CLI v1.17.2, via https://github.com/cilium/cilium/pull/37401.
Workarounds
Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.
Acknowledgements
The Cilium community has worked together with members of Isovalent and the Cisco ASIG team to prepare these mitigations. Special thanks to @bipierce-cisco and @kokelley-cisco for reporting the issue and to @devodev for the fix.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and your report will be treated as top priority.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-48056
Character injection in Hubble CLI
Moderate severity GitHub Reviewed Published May 20, 2025 in cilium/hubble • Updated May 21, 2025
Package
gomod github.com/cilium/hubble (Go)
Affected versions
< 1.17.2
Impact
A network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack.
Patches
This issue affects all versions of Hubble CLI before v1.17.2. The issue is patched in Hubble CLI v1.17.2, via cilium/cilium#37401.
Workarounds
Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.
Acknowledgements
The Cilium community has worked together with members of Isovalent and the Cisco ASIG team to prepare these mitigations. Special thanks to @bipierce-cisco and @kokelley-cisco for reporting the issue and to @devodev for the fix.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and your report will be treated as top priority.
References
- GHSA-274q-79q9-52j7
- https://nvd.nist.gov/vuln/detail/CVE-2025-48056
- cilium/cilium#37401
Published to the GitHub Advisory Database
May 21, 2025
Last updated
May 21, 2025