{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-0752","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2025-01-27T14:16:01.506Z","datePublished":"2025-01-28T09:29:33.073Z","dateUpdated":"2026-02-24T08:03:27.631Z"},"containers":{"cna":{"title":"Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access","metrics":[{"other":{"content":{"value":"Important","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy."}],"affected":[{"versions":[{"status":"affected","version":"2.6.3","versionType":"semver"},{"status":"affected","version":"2.5.6","versionType":"semver"}],"packageName":"envoyproxy","collectionURL":"https://github.com/openshift-service-mesh/proxy","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"OpenShift Service Mesh 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/proxyv2-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:service_mesh:2"]},{"vendor":"Red Hat","product":"OpenShift Service Mesh 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-service-mesh/proxyv2-rhel9","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:service_mesh:2"]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-0752","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2339115","name":"RHBZ#2339115","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2025-01-21T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-444","description":"Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"timeline":[{"lang":"en","time":"2025-01-21T12:07:54.692Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-01-21T00:00:00.000Z","value":"Made public."}],"credits":[{"lang":"en","value":"Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-02-24T08:03:27.631Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-28T14:35:14.655204Z","id":"CVE-2025-0752","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-28T14:35:24.738Z"}}]}}