CVE-2025-62820

Medium

Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.

mitre·CWE-420·Published 2025-10-23

CVSS

4.9

EPSS

0.00

KEV

Exploits

cve.orgen

138 chars

Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.

NVDen

138 chars

Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.

OSV.deven

82 chars

Slack Nebula may accept arbitrary source IP addresses in github.com/slackhq/nebula

GHSAen

138 chars

Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	4.9	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L
3.1	Primary	cve.org	4.9	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L