CVE-2025-37799 Vulnerability Analysis & Exploit Details

CVE-2025-37799
Vulnerability Scoring

Analysis In Progress
Analysis In Progress

Attack Complexity Details

  • Attack Complexity:
    Attack Complexity Analysis In Progress
  • Attack Vector:
    Attack Vector Under Analysis
  • Privileges Required: None
    No authentication is required for exploitation.
  • Scope:
    Impact is confined to the initially vulnerable component.
  • User Interaction: None
    No user interaction is necessary for exploitation.

CVE-2025-37799 Details

Status: Received on 03 May 2025, 12:15 UTC

Published on: 03 May 2025, 12:15 UTC

CVSS Release:

CVE-2025-37799 Vulnerability Summary

CVE-2025-37799: In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's service load- balancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP backend service where the XDP LB was doing IPIP encap led to overly large packet sizes but only for *some* of the packets (e.g. HTTP GET request) while others (e.g. the prior TCP 3WHS) looked completely fine on the wire. In fact, the pcap recording on the backend node actually revealed that the node with the XDP LB was leaking uninitialized kernel data onto the wire for the affected packets, for example, while the packets should have been 152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes was padded with whatever other data was in that page at the time (e.g. we saw user/payload data from prior processed packets). We only noticed this through an MTU issue, e.g. when the XDP LB node and the backend node both had the same MTU (e.g. 1500) then the curl request got dropped on the backend node's NIC given the packet was too large even though the IPIP-encapped packet normally would never even come close to the MTU limit. Lowering the MTU on the XDP LB (e.g. 1480) allowed to let the curl request succeed (which also indicates that the kernel ignored the padding, and thus the issue wasn't very user-visible). Commit e127ce7699c1 ("vmxnet3: Fix missing reserved tailroom") was too eager to also switch xdp_prepare_buff() from rcd->len to rbi->len. It really needs to stick to rcd->len which is the actual packet length from the descriptor. The latter we also feed into vmxnet3_process_xdp_small(), by the way, and it indicates the correct length needed to initialize the xdp->{data,data_end} parts. For e127ce7699c1 ("vmxnet3: Fix missing reserved tailroom") the relevant part was adapting xdp_init_buff() to address the warning given the xdp_data_hard_end() depends on xdp->frame_sz. With that fixed, traffic on the wire looks good again.

Assessing the Risk of CVE-2025-37799

Access Complexity Graph

The exploitability of CVE-2025-37799 depends on two key factors: attack complexity (the level of effort required to execute an exploit) and privileges required (the access level an attacker needs).

Exploitability Analysis for CVE-2025-37799

No exploitability data is available for CVE-2025-37799.

Understanding AC and PR

A lower complexity and fewer privilege requirements make exploitation easier. Security teams should evaluate these aspects to determine the urgency of mitigation strategies, such as patch management and access control policies.

Attack Complexity (AC) measures the difficulty in executing an exploit. A high AC means that specific conditions must be met, making an attack more challenging, while a low AC means the vulnerability can be exploited with minimal effort.

Privileges Required (PR) determine the level of system access necessary for an attack. Vulnerabilities requiring no privileges are more accessible to attackers, whereas high privilege requirements limit exploitation to authorized users with elevated access.

CVSS Score Breakdown Chart

Above is the CVSS Sub-score Breakdown for CVE-2025-37799, illustrating how Base, Impact, and Exploitability factors combine to form the overall severity rating. A higher sub-score typically indicates a more severe or easier-to-exploit vulnerability.

CIA Impact Analysis

Below is the Impact Analysis for CVE-2025-37799, showing how Confidentiality, Integrity, and Availability might be affected if the vulnerability is exploited. Higher values usually signal greater potential damage.

  • Confidentiality: None
    CVE-2025-37799 does not compromise confidentiality.
  • Integrity: None
    CVE-2025-37799 does not impact data integrity.
  • Availability: None
    CVE-2025-37799 does not affect system availability.

CVE-2025-37799 References

External References

CWE Common Weakness Enumeration

Unknown

Protect Your Infrastructure against CVE-2025-37799: Combat Critical CVE Threats

Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.

Other 5 Recently Published CVEs Vulnerabilities

  • CVE-2025-47245 – In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role.
  • CVE-2025-47244 – Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing ...
  • CVE-2025-47241 – In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component.
  • CVE-2025-4244 – A vulnerability, which was classified as critical, was found in code-projects Online Bus Reservation System 1.0. This affects an unknown part of th...
  • CVE-2025-4243 – A vulnerability, which was classified as critical, has been found in code-projects Online Bus Reservation System 1.0. Affected by this issue is som...