{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T06:21:16.379","vulnerabilities":[{"cve":{"id":"CVE-2025-48056","sourceIdentifier":"security-advisories@github.com","published":"2025-05-20T20:15:42.790","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack. The issue is patched in Hubble CLI v1.17.2. Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor."},{"lang":"es","value":"Hubble es una plataforma de observabilidad de seguridad y redes totalmente distribuida para cargas de trabajo nativas de la nube. Antes de la versión 1.17.2, un atacante de red podía inyectar caracteres de control maliciosos en la salida del terminal Hubble CLI, lo que podría provocar la pérdida de integridad y la manipulación de la salida. Esto podría aprovecharse para ocultar entradas de registro, reescribir la salida o incluso inutilizar temporalmente el terminal. Para explotar este ataque, la víctima debería estar monitorizando el tráfico de Kafka mediante la visibilidad del protocolo de capa 7 en el momento del ataque. El problema está corregido en la versión 1.17.2 de Hubble CLI. Los usuarios de Hubble CLI que no puedan actualizar pueden dirigir sus flujos de Hubble a un archivo de registro e inspeccionar la salida en un editor de texto."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/cilium/cilium/pull/37401","source":"security-advisories@github.com"},{"url":"https://github.com/cilium/hubble/security/advisories/GHSA-274q-79q9-52j7","source":"security-advisories@github.com"}]}}]}