diff --git a/npm/pkg/dataplane/ipsets/ipsetmanager_test.go b/npm/pkg/dataplane/ipsets/ipsetmanager_test.go
index 45a2f043b7..bbb17646dc 100644
--- a/npm/pkg/dataplane/ipsets/ipsetmanager_test.go
+++ b/npm/pkg/dataplane/ipsets/ipsetmanager_test.go
@@ -1546,6 +1546,16 @@ func TestValidateIPSetMemberIP(t *testing.T) {
 			ipblock: "2345:0425:2CA1:0000:0000:0567:5673:23b5 nomatch",
 			want:    false,
 		},
+		{
+			name:    "invalid/0",
+			ipblock: "1.1.1.1/0",
+			want:    false,
+		},
+		{
+			name:    "valid/0",
+			ipblock: "0.0.0.0/0",
+			want:    true,
+		},
 	}
 
 	for _, tt := range tests {
diff --git a/npm/util/util.go b/npm/util/util.go
index d85d086d62..b564439194 100644
--- a/npm/util/util.go
+++ b/npm/util/util.go
@@ -322,6 +322,10 @@ func SliceToString(list []string) string {
 func IsIPV4(ip string) bool {
 	isIPBlock := strings.Contains(ip, "/")
 	ipOnly := strings.Split(ip, "/")
+	if strings.Contains(ip, "/0") && ipOnly[0] != "0.0.0.0" {
+		return false
+	}
+
 	address, err := netip.ParseAddr(ipOnly[0])
 	if err != nil {
 		return false