Summary
Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. Cilium is vulnerable to chosen-plaintext attacks, key-recovery attacks, and replay attacks by a man-in-the-middle attacker. The root cause is an ESP sequence number collision when multiple nodes are configured with the same IPsec key.
Impact
Adjacent-network attackers (CVSS AV:A) able to observe or inject traffic between Cilium nodes can recover keys, replay past traffic, or feed chosen plaintext through the IPsec tunnel. The CVSS scope change reflects that compromise of the encryption layer affects all workloads relying on it for confidentiality. Every Cilium release that supports IPsec transparent encryption (1.4 onwards) is affected up to the patched versions.
Detection
There is no in-band detection for the cryptographic weakness: the flaw is structural, so exploitation leaves no distinguishing signature in traffic or logs. Audit whether IPsec transparent encryption is enabled in your cluster (check the cilium-config ConfigMap or the Cilium Helm values for encryption.type=ipsec). If it is, treat all node-to-node IPsec traffic on affected versions as untrusted and prioritise upgrading followed by key rotation.
Mitigation
Upgrade to a patched version on the appropriate release line:
- Cilium v1.15.3 or later (for the 1.15 line)
- Cilium v1.14.9 or later (for the 1.14 line)
- Cilium v1.13.14 or later (for the 1.13 line)
There is no workaround. After upgrading, you must perform a key rotation using the updated key rotation instructions to ensure the cluster is no longer vulnerable. The rotation procedure has changed since the original guidance; to confirm that the new instructions were followed, check that the IPsec Kubernetes Secret contains a + sign.
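An added audit helper (example code, not from the advisory or from the Cilium project) that covers both the Detection check and the + sign validation of the key rotation step. It assumes Cilium's default object names: namespace kube-system, ConfigMap cilium-config with the key enable-ipsec, and Secret cilium-ipsec-keys whose data field keys holds the key file.

```shell
#!/bin/sh
# Audit helper for the Cilium IPsec advisory (example, not project code).
# Assumed defaults: namespace kube-system, ConfigMap "cilium-config"
# (key "enable-ipsec"), Secret "cilium-ipsec-keys" (data field "keys").

# ipsec_enabled VALUE: succeeds when the enable-ipsec ConfigMap value is "true".
ipsec_enabled() {
  [ "$1" = "true" ]
}

# key_uses_new_format LINE: succeeds when the SPI field (first token of the
# key file line) carries the "+" marker written by the updated rotation
# procedure, e.g. "3+ rfc4106(gcm(aes)) <hex key> 128".
# "3 rfc4106(gcm(aes)) <hex key> 128" is the old, still-vulnerable layout.
key_uses_new_format() {
  spi=${1%% *}            # first whitespace-separated field
  case "$spi" in
    *+) return 0 ;;
    *)  return 1 ;;
  esac
}

# audit_cluster: live check against the current kubeconfig context.
# Exit 0 when the advisory does not apply or the key file is in the new
# format, 1 when a rotation with the updated instructions is still needed.
audit_cluster() {
  enabled=$(kubectl -n kube-system get configmap cilium-config \
              -o jsonpath='{.data.enable-ipsec}' 2>/dev/null)
  if ! ipsec_enabled "$enabled"; then
    echo "IPsec transparent encryption not enabled; advisory does not apply"
    return 0
  fi
  keyline=$(kubectl -n kube-system get secret cilium-ipsec-keys \
              -o jsonpath='{.data.keys}' | base64 -d | head -n 1)
  if key_uses_new_format "$keyline"; then
    echo "OK: key file SPI carries '+', updated rotation procedure applied"
    return 0
  fi
  echo "ACTION: no '+' in SPI field; upgrade and rotate keys per new guidance"
  return 1
}

# Run the live audit only when invoked under this file name; sourcing the
# file (e.g. for tests) defines the functions without touching the cluster.
case "$0" in
  *cilium_ipsec_audit.sh) audit_cluster ;;
esac
```

Save as cilium_ipsec_audit.sh and run it with a kubeconfig that can read the kube-system ConfigMap and Secret; a non-zero exit means the rotation step is still outstanding.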