Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.
History

Thu, 04 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Envoyproxy
Envoyproxy gateway
CPEs cpe:2.3:a:envoyproxy:gateway:*:*:*:*:*:*:*:*
Vendors & Products Envoyproxy
Envoyproxy gateway

Thu, 23 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Jan 2025 13:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 23 Jan 2025 03:30:00 +0000

Type Values Removed Values Added
Description Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.
Title Envoy Admin Interface Exposed through prometheus metrics endpoint
Weaknesses CWE-419
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-01-23T14:58:59.485Z

Reserved: 2025-01-16T17:31:06.460Z

Link: CVE-2025-24030

cve-icon Vulnrichment

Updated: 2025-01-23T14:58:55.684Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-23T04:15:07.100

Modified: 2025-09-04T14:02:18.040

Link: CVE-2025-24030

cve-icon Redhat

Severity : Important

Publid Date: 2025-01-23T03:20:27Z

Links: CVE-2025-24030 - Bugzilla

cve-icon OpenCVE Enrichment

No data.