A major security flaw affecting multiple tunneling protocols has left millions of internet devices vulnerable to potential cyberattacks, according to new research conducted by Top10VPN in collaboration with KU Leuven professor Mathy Vanhoef.
The study revealed that approximately 4.2 million hosts worldwide are at risk, including VPN servers, home routers, core internet routers, mobile network gateways, and content delivery network nodes. China, France, Japan, the United States, and Brazil are among the most affected countries.
The vulnerability stems from tunneling protocols like IP6IP6, GRE6, 4in6, and 6in4 accepting packets without proper sender verification. These protocols, which facilitate data transfers between disconnected networks, lack built-in authentication and encryption mechanisms.
Attackers can exploit these weaknesses by sending specially crafted packets with manipulated IP headers. When a vulnerable system receives such a packet, it automatically forwards it to the intended destination while masking the attacker's true identity. This allows malicious actors to conduct anonymous attacks, create one-way proxies, and potentially launch denial-of-service (DoS) attacks.
The CERT Coordination Center has issued an advisory warning that compromised systems could provide unauthorized access to private networks. The vulnerabilities have been assigned multiple CVE identifiers, including CVE-2024-7595, CVE-2024-7596, CVE-2025-23018, and CVE-2025-23019.
Security experts recommend implementing several protective measures:
- Using IPsec or WireGuard for authentication and encryption
- Accepting tunneling packets only from trusted sources
- Implementing traffic filtering on routers
- Conducting deep packet inspection
- Blocking unencrypted tunneling packets
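The "trusted sources only" and "block unencrypted tunneling packets" measures amount to a check on the outer IP header, sketched here as an added example (not code from the research or the advisory). The peer allowlist, addresses and function names are assumptions, and the sample headers are constructed.

```python
import ipaddress
import struct

# IANA protocol numbers carried in the outer header for the tunnels the article names.
TUNNEL_PROTOS = {4: "IPv4-in-IP", 41: "IPv6-in-IP", 47: "GRE"}

# Assumption: the only peers this host has tunnels with (constructed, documentation ranges).
TRUSTED_PEERS = [ipaddress.ip_network("192.0.2.10/32"),
                 ipaddress.ip_network("2001:db8:1::/64")]

def outer_header(packet: bytes):
    """Return (source address, protocol) from the outer IP header, or None if malformed."""
    if not packet:
        return None
    version = packet[0] >> 4
    if version == 4 and len(packet) >= 20 and (packet[0] & 0x0F) >= 5:
        return ipaddress.IPv4Address(packet[12:16]), packet[9]
    if version == 6 and len(packet) >= 40:
        # Next Header only; a real filter must also walk IPv6 extension headers.
        return ipaddress.IPv6Address(packet[8:24]), packet[6]
    return None

def verdict(packet: bytes) -> str:
    """Decide what a border filter should do with one received packet."""
    hdr = outer_header(packet)
    if hdr is None:
        return "drop: malformed"
    src, proto = hdr
    if proto not in TUNNEL_PROTOS:
        return "pass: not tunnel traffic"
    if any(src in net for net in TRUSTED_PEERS):
        return f"accept: {TUNNEL_PROTOS[proto]} from configured peer {src}"
    return f"drop: {TUNNEL_PROTOS[proto]} from unconfigured source {src}"

def ipv4_header(src: str, proto: int) -> bytes:
    """Constructed 20-byte IPv4 header used as sample input (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address("198.51.100.1").packed)

def ipv6_header(src: str, next_header: int) -> bytes:
    """Constructed 40-byte IPv6 header used as sample input."""
    return struct.pack("!IHBB16s16s", 0x60000000, 0, next_header, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address("2001:db8:ffff::1").packed)

if __name__ == "__main__":
    for pkt in (ipv4_header("192.0.2.10", 47), ipv4_header("203.0.113.7", 41),
                ipv6_header("2001:db8:2::5", 4), ipv4_header("203.0.113.7", 6)):
        print(verdict(pkt))
```

A source allowlist only narrows who can reach the tunnel endpoint; the authentication itself comes from wrapping the tunnel in IPsec or WireGuard, as the first item in the list recommends.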
These vulnerabilities could lead to network congestion, service disruptions, and device crashes. Additionally, attackers might exploit these weaknesses to conduct man-in-the-middle attacks and intercept sensitive data.
Organizations and network administrators are advised to review their security configurations and implement the recommended safeguards to protect their systems from potential exploitation.