{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0752", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-01-27T14:16:01.506Z", "datePublished": "2025-01-28T09:29:33.073Z", "dateUpdated": "2025-08-22T14:19:24.458Z"}, "containers": {"cna": {"title": "Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy."}], "affected": [{"versions": [{"status": "affected", "version": "2.6.3", "versionType": "semver"}, {"status": "affected", "version": "2.5.6", "versionType": "semver"}], "packageName": "envoyproxy", "collectionURL": "https://github.com/openshift-service-mesh/proxy", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "OpenShift Service Mesh 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-service-mesh/proxyv2-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:service_mesh:2"]}, {"vendor": "Red Hat", "product": "OpenShift Service Mesh 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-service-mesh/proxyv2-rhel9", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:service_mesh:2"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-0752", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339115", "name": "RHBZ#2339115", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-01-21T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "timeline": [{"lang": "en", "time": "2025-01-21T12:07:54.692000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-01-21T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-08-22T14:19:24.458Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-28T14:35:14.655204Z", "id": "CVE-2025-0752", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-28T14:35:24.738Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0752", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-28T14:35:14.655204Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-28T14:35:20.372Z"}}], "cna": {"title": "Envoyproxy: openshift service mesh envoy http header sanitization bypass leading to dos and unauthorized access", "credits": [{"lang": "en", "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"versions": [{"status": "affected", "version": "2.6.3", "versionType": "semver"}, {"status": "affected", "version": "2.5.6", "versionType": "semver"}], "packageName": "envoyproxy", "collectionURL": "https://github.com/openshift-service-mesh/proxy", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:service_mesh:2"], "vendor": "Red Hat", "product": "OpenShift Service Mesh 2", "packageName": "openshift-service-mesh/proxyv2-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:service_mesh:2"], "vendor": "Red Hat", "product": "OpenShift Service Mesh 2", "packageName": "openshift-service-mesh/proxyv2-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2025-01-21T12:07:54.692000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-01-21T00:00:00+00:00", "value": "Made public."}], "datePublic": "2025-01-21T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-0752", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339115", "name": "RHBZ#2339115", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-08-22T14:19:24.458Z"}, "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"}}, "cveMetadata": {"cveId": "CVE-2025-0752", "state": "PUBLISHED", "dateUpdated": "2025-08-22T14:19:24.458Z", "dateReserved": "2025-01-27T14:16:01.506Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-01-28T09:29:33.073Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "888B4C9D-0B35-45BC-9F6D-0C83BC1F14B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "6129D644-AA42-4E25-82E4-053613874178", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en OpenShift Service Mesh 2.6.3 y 2.5.6. Es posible que se produzcan ataques de evasi\u00f3n de limitadores de velocidad, de control de acceso, de agotamiento de CPU y memoria y de repetici\u00f3n debido al encabezado HTTP desinfecci\u00f3n incorrecto en Envoy."}], "id": "CVE-2025-0752", "lastModified": "2025-07-31T18:29:53.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-01-28T10:15:09.493", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2025-0752"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339115"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.", "bugzilla": {"description": "envoyproxy: OpenShift Service Mesh Envoy HTTP Header Sanitization Bypass Leading to DoS and Unauthorized Access", "id": "2339115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339115"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-444", "details": ["A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.", "A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy."], "name": "CVE-2025-0752", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/proxyv2-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Will not fix", "package_name": "openshift-service-mesh/proxyv2-rhel9", "product_name": "OpenShift Service Mesh 2"}], "public_date": "2025-01-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-0752\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0752"], "threat_severity": "Moderate"}

{}