Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-48056
CVE-2025-48056:
vulnerability analysis and mitigation
Overview
Hubble, a fully distributed networking and security observability platform for cloud native workloads, was found to contain a vulnerability (CVE-2025-48056) that allows network attackers to inject malicious control characters into Hubble CLI terminal output. The vulnerability was discovered in versions prior to 1.17.2 and was disclosed on May 20, 2025. The issue affects the Hubble CLI component and could potentially compromise the integrity of output displayed to users (GitHub Advisory).
Technical details
The vulnerability stems from improper handling of terminal special characters in the Hubble observe output when not using JSON formatting. This security flaw could allow attackers to manipulate the output through character injection. The issue has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating network attack vector, low attack complexity, no privileges required, and no user interaction needed (GitHub Advisory).
Impact
The vulnerability could lead to loss of integrity and manipulation of the output, potentially allowing attackers to conceal log entries, rewrite output, or render the terminal temporarily unusable. The exploitation requires the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack (GitHub Advisory, Wiz).
Mitigation and workarounds
The vulnerability has been patched in Hubble CLI version 1.17.2. For users unable to upgrade, a workaround is available: they can direct their Hubble flows to a log file and inspect the output within a text editor. The fix was implemented through a pull request that escapes special characters from the observe output when not using JSON formatting (GitHub PR, GitHub Advisory).
Community reactions
The vulnerability was addressed through collaboration between the Cilium community, members of Isovalent, and the Cisco ASIG team. Special acknowledgment was given to bipierce-cisco and kokelley-cisco for reporting the issue, and to devodev for implementing the fix (GitHub Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management