{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T20:08:54.839369700Z","vulnerabilities":[{"cve":{"id":"CVE-2025-64323","sourceIdentifier":"security-advisories@github.com","published":"2025-11-07T04:15:47.243","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication on the xDS port, allowing any client with unrestricted network access to that port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster metadata. This issue is fixed in versions 2.0.5 and 2.1.0."},{"lang":"es","value":"kgateway es un Gateway de API e IA nativo de la nube. Las versiones 2.0.4 e inferiores y de la 2.1.0-agw-cel-rbac a la 2.1.0-rc.2 carecen de autenticación en el puerto xDS, lo que permite a cualquier cliente con acceso de red sin restricciones a dicho puerto recuperar datos de configuración potencialmente sensibles, incluyendo datos de certificados, información de servicios de backend, reglas de enrutamiento y metadatos de clúster. Este problema se resuelve en las versiones 2.0.5 y 2.1.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/kgateway-dev/kgateway/issues/10651","source":"security-advisories@github.com"},{"url":"https://github.com/kgateway-dev/kgateway/pull/12471","source":"security-advisories@github.com"},{"url":"https://github.com/kgateway-dev/kgateway/pull/12535","source":"security-advisories@github.com"},{"url":"https://github.com/kgateway-dev/kgateway/security/advisories/GHSA-4766-x535-jw3r","source":"security-advisories@github.com"}]}}]}