Vulnerability Database

300,214

Total vulnerabilities in the database

CVE-2025-64323

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster metadata. This issue is solved in versions 2.0.5 and 2.1.0.

Published: Nov 4, 2025
Updated: Nov 12, 2025
CVE: CVE-2025-64323
GHSA: GHSA-4766-x535-jw3r
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
github.com/kgateway-dev/kgateway/v2	2.1.0-agw-cel-rbac	2.1.0
github.com/kgateway-dev/kgateway/v2	-	2.0.5

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo