ts-2025-006
Vulnerability from tailscale

Description: A potential access control logic issue affected shared subnet router nodes between tailnets.

What happened?

Tailscale nodes that are subnet routers and shared with other tailnets did not enforce protocol filters in ACLs. For example, a subnet router with an IP grant of "udp:1234" in the policy file would allow TCP, UDP, and any other protocol connections to port 1234. This bug was fixed in our control plane and does not require any update.

The Tailscale Control Plane performs a process known as network map trimming to ensure that only nodes with authorized access to each other appear in their respective clients.

As part of this process, the Control Plane transforms ACLs for nodes that serve as subnet routers, exit node, or app connector and are shared externally with other tailnets to constrain the access of external tailnet members to only the shared node and prohibit their access to the routed subnets.

This filtering contained a bug, producing ACLs for these nodes that omitted their IP Protocol number information entirely. This caused those nodes to accept connections using arbitrary protocols from both local and external tailnets the node was shared with. The src/dst restrictions, as well as port restrictions still applied, so these nodes were not accessible broadly.

For ACL rules that relied on protocol-based filtering, such as imcp:* this would have allowed connections from the source using arbitrary protocols to the destination.

What was the impact?

Local and external tailnet members with existing access to subnet routers that were shared externally would have been able to exceed their authorized access and establish connections using arbitrary protocols to these nodes.

Local and external members who were not included in the source of the impacted ACL groups would not have been able to access impacted nodes using these rules.

There is no indication of this issue being exploited in the wild. The exposure is limited to nodes that were intentionally shared to another tailnet.

Who was affected?

Tailnets with nodes that are subnet routers, that were also shared with external tailnets, and whose ACLs for these nodes relied on protocol filtering were affected.

This bug was present in all Tailscale clients from the introduction of these features, and was fixed for all clients through the Tailscale control plane on October 29th 2025.

What do I need to do?

No action is required. Tailscale has deployed a fix to the control plane as of 2025-10-29.

Credits

We would like to thank Thariq Shanavas for reporting this issue.

Show details on source website

To clipboard 

{
  "guidislink": false,
  "id": "https://tailscale.com/security-bulletins/#ts-2025-006",
  "link": "https://tailscale.com/security-bulletins/#ts-2025-006",
  "links": [
    {
      "href": "https://tailscale.com/security-bulletins/#ts-2025-006",
      "rel": "alternate",
      "type": "text/html"
    }
  ],
  "published": "Tue, 28 Oct 2025 00:00:00 GMT",
  "summary": "\u003cp\u003e\u003cstrong\u003e\u003cem\u003eDescription\u003c/em\u003e\u003c/strong\u003e: A potential access control logic issue affected shared subnet router nodes between tailnets.\u003c/p\u003e\n\u003ch4\u003eWhat happened?\u003c/h4\u003e\n\u003cp\u003eTailscale nodes that are subnet routers and shared with other tailnets did not enforce protocol filters in ACLs. For example, a subnet router with an IP grant of \u003ccode\u003e\"udp:1234\"\u003c/code\u003e in the policy file would allow TCP, UDP, and any other protocol connections to port \u003ccode\u003e1234\u003c/code\u003e. This bug was fixed in our control plane and does not require any update.\u003c/p\u003e\n\u003cp\u003eThe Tailscale Control Plane performs a process known as \u003ca href=\"https://tailscale.com/kb/1087/device-visibility\"\u003enetwork map trimming\u003c/a\u003e to ensure that only nodes with authorized access to each other appear in their respective clients.\u003c/p\u003e\n\u003cp\u003eAs part of this process, the Control Plane transforms ACLs for nodes that serve as \u003ca href=\"https://tailscale.com/kb/1019/subnets\"\u003esubnet routers\u003c/a\u003e, \u003ca href=\"https://tailscale.com/kb/1103/exit-nodes\"\u003eexit node\u003c/a\u003e, or \u003ca href=\"https://tailscale.com/security-bulletins/kb/1281/app-connectors\"\u003eapp connector\u003c/a\u003e and are \u003ca href=\"https://tailscale.com/kb/1084/sharing\"\u003eshared externally\u003c/a\u003e with other tailnets to constrain the access of external tailnet members to only the shared node and prohibit their access to the routed subnets.\u003c/p\u003e\n\u003cp\u003eThis filtering contained a bug, producing ACLs for these nodes that omitted their IP Protocol number information entirely. This caused those nodes to accept connections using arbitrary protocols from both local and external tailnets the node was shared with. The \u003ccode\u003esrc\u003c/code\u003e/\u003ccode\u003edst\u003c/code\u003e restrictions, as well as port restrictions still applied, so these nodes were not accessible broadly.\u003c/p\u003e\n\u003cp\u003eFor ACL rules that relied on protocol-based filtering, such as \u003ccode\u003eimcp:*\u003c/code\u003e this would have allowed connections from the source using arbitrary protocols to the destination.\u003c/p\u003e\n\u003ch4\u003eWhat was the impact?\u003c/h4\u003e\n\u003cp\u003eLocal and external tailnet members with existing access to subnet routers that were shared externally would have been able to exceed their authorized access and establish connections using arbitrary protocols to these nodes.\u003c/p\u003e\n\u003cp\u003eLocal and external members who were not included in the source of the impacted ACL groups would not have been able to access impacted nodes using these rules.\u003c/p\u003e\n\u003cp\u003eThere is \u003cstrong\u003eno indication of this issue being exploited\u003c/strong\u003e in the wild. The exposure is limited to nodes that were intentionally shared to another tailnet.\u003c/p\u003e\n\u003ch4\u003eWho was affected?\u003c/h4\u003e\n\u003cp\u003eTailnets with nodes that are subnet routers, that were also shared with external tailnets, and whose ACLs for these nodes relied on protocol filtering were affected.\u003c/p\u003e\n\u003cp\u003eThis bug was present in all Tailscale clients from the introduction of these features, and was fixed for all clients through the Tailscale control plane on October 29th 2025.\u003c/p\u003e\n\u003ch4\u003eWhat do I need to do?\u003c/h4\u003e\n\u003cp\u003e\u003cstrong\u003eNo action is required\u003c/strong\u003e. Tailscale has deployed a fix to the control plane as of 2025-10-29.\u003c/p\u003e\n\u003ch4\u003eCredits\u003c/h4\u003e\n\u003cp\u003eWe would like to thank \u003ca href=\"https://www.linkedin.com/in/thariq-shanavas\"\u003eThariq Shanavas\u003c/a\u003e for reporting this issue.\u003c/p\u003e",
  "summary_detail": {
    "base": "https://tailscale.com/security-bulletins/index.xml",
    "language": null,
    "type": "text/html",
    "value": "\u003cp\u003e\u003cstrong\u003e\u003cem\u003eDescription\u003c/em\u003e\u003c/strong\u003e: A potential access control logic issue affected shared subnet router nodes between tailnets.\u003c/p\u003e\n\u003ch4\u003eWhat happened?\u003c/h4\u003e\n\u003cp\u003eTailscale nodes that are subnet routers and shared with other tailnets did not enforce protocol filters in ACLs. For example, a subnet router with an IP grant of \u003ccode\u003e\"udp:1234\"\u003c/code\u003e in the policy file would allow TCP, UDP, and any other protocol connections to port \u003ccode\u003e1234\u003c/code\u003e. This bug was fixed in our control plane and does not require any update.\u003c/p\u003e\n\u003cp\u003eThe Tailscale Control Plane performs a process known as \u003ca href=\"https://tailscale.com/kb/1087/device-visibility\"\u003enetwork map trimming\u003c/a\u003e to ensure that only nodes with authorized access to each other appear in their respective clients.\u003c/p\u003e\n\u003cp\u003eAs part of this process, the Control Plane transforms ACLs for nodes that serve as \u003ca href=\"https://tailscale.com/kb/1019/subnets\"\u003esubnet routers\u003c/a\u003e, \u003ca href=\"https://tailscale.com/kb/1103/exit-nodes\"\u003eexit node\u003c/a\u003e, or \u003ca href=\"https://tailscale.com/security-bulletins/kb/1281/app-connectors\"\u003eapp connector\u003c/a\u003e and are \u003ca href=\"https://tailscale.com/kb/1084/sharing\"\u003eshared externally\u003c/a\u003e with other tailnets to constrain the access of external tailnet members to only the shared node and prohibit their access to the routed subnets.\u003c/p\u003e\n\u003cp\u003eThis filtering contained a bug, producing ACLs for these nodes that omitted their IP Protocol number information entirely. This caused those nodes to accept connections using arbitrary protocols from both local and external tailnets the node was shared with. The \u003ccode\u003esrc\u003c/code\u003e/\u003ccode\u003edst\u003c/code\u003e restrictions, as well as port restrictions still applied, so these nodes were not accessible broadly.\u003c/p\u003e\n\u003cp\u003eFor ACL rules that relied on protocol-based filtering, such as \u003ccode\u003eimcp:*\u003c/code\u003e this would have allowed connections from the source using arbitrary protocols to the destination.\u003c/p\u003e\n\u003ch4\u003eWhat was the impact?\u003c/h4\u003e\n\u003cp\u003eLocal and external tailnet members with existing access to subnet routers that were shared externally would have been able to exceed their authorized access and establish connections using arbitrary protocols to these nodes.\u003c/p\u003e\n\u003cp\u003eLocal and external members who were not included in the source of the impacted ACL groups would not have been able to access impacted nodes using these rules.\u003c/p\u003e\n\u003cp\u003eThere is \u003cstrong\u003eno indication of this issue being exploited\u003c/strong\u003e in the wild. The exposure is limited to nodes that were intentionally shared to another tailnet.\u003c/p\u003e\n\u003ch4\u003eWho was affected?\u003c/h4\u003e\n\u003cp\u003eTailnets with nodes that are subnet routers, that were also shared with external tailnets, and whose ACLs for these nodes relied on protocol filtering were affected.\u003c/p\u003e\n\u003cp\u003eThis bug was present in all Tailscale clients from the introduction of these features, and was fixed for all clients through the Tailscale control plane on October 29th 2025.\u003c/p\u003e\n\u003ch4\u003eWhat do I need to do?\u003c/h4\u003e\n\u003cp\u003e\u003cstrong\u003eNo action is required\u003c/strong\u003e. Tailscale has deployed a fix to the control plane as of 2025-10-29.\u003c/p\u003e\n\u003ch4\u003eCredits\u003c/h4\u003e\n\u003cp\u003eWe would like to thank \u003ca href=\"https://www.linkedin.com/in/thariq-shanavas\"\u003eThariq Shanavas\u003c/a\u003e for reporting this issue.\u003c/p\u003e"
  },
  "title": "TS-2025-006",
  "title_detail": {
    "base": "https://tailscale.com/security-bulletins/index.xml",
    "language": null,
    "type": "text/plain",
    "value": "TS-2025-006"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.