Ietf Ipv6 vulnerabilities

CVE-2025-23019 [MEDIUM] CWE-940 CVE-2025-23019: IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed netwo IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.

CVE-2025-23018 [MEDIUM] CWE-940 CVE-2025-23018: IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attack IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136.

CVE-2020-10136 [MEDIUM] CWE-290 CVE-2020-10136: IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate a IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.