1. Home
  2. Vulnerabilities
  3. CVE-2025-37789
7.8
HIGH CVSS 3.1
CVE-2025-37789
net: openvswitch: fix nested key length validation in the set() action
Description

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.

INFO

Published Date :

May 1, 2025, 2:15 p.m.

Last Modified :

Nov. 6, 2025, 5:27 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2025-37789 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
1 Debian debian_linux
: Total Affected Vendor : 2 | Products : 2
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
Solution
Update the Linux kernel to the latest version to fix a nested key length validation issue.
  • Update the Linux kernel to the latest version.
  • Apply the provided patch for openvswitch.
  • Recompile and install the kernel.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-37789.

URL Resource
https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b Patch
https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec Patch
https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce Patch
https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba Patch
https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd Patch
https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7 Patch
https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4 Patch
https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html Mailing List Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-37789 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-37789 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-37789 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-37789 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Nov. 06, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.88 *cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.181 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.237 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.135 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.3 up to (excluding) 5.4.293 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.25 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.14.4
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc Types: Patch
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html Types: Mailing List, Third Party Advisory
    Added Reference Type CVE: https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html Types: Mailing List, Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 03, 2025

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
    Added Reference https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 02, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/54c6957d1123a2032099b9eab51c314800f677ce
    Added Reference https://git.kernel.org/stable/c/7fcaec0b2ab8fa5fbf0b45e5512364a168f445bd
    Added Reference https://git.kernel.org/stable/c/a27526e6b48eee9e2d82efff502c4f272f1a91d4
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 01, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.
    Added Reference https://git.kernel.org/stable/c/03d7262dd53e8c404da35cc81aaa887fd901f76b
    Added Reference https://git.kernel.org/stable/c/1489c195c8eecd262aa6712761ba5288203e28ec
    Added Reference https://git.kernel.org/stable/c/65d91192aa66f05710cfddf6a14b5a25ee554dba
    Added Reference https://git.kernel.org/stable/c/824a7c2df5127b2402b68a21a265d413e78dcad7
    Added Reference https://git.kernel.org/stable/c/be80768d4f3b6fd13f421451cc3fee8778aba8bc
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 7.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact