Openshift Service Mesh
CVE-2025-0752
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
2DescriptionCVE.org
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.
AnalysisAI
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as HTTP Request/Response Smuggling (CWE-444), which allows attackers to manipulate HTTP request interpretation between frontend and backend servers. A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy. Affected products include: Redhat Openshift Service Mesh.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict HTTP parsing, normalize requests at proxy layer, use HTTP/2 end-to-end, reject ambiguous headers.
More in Openshift Service Mesh
View allA signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). R
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. Rated high
An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maist
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. Rate
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. Rated
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of s
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. Rated high s
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Rated high seve
Same weakness CWE-444 – HTTP Request/Response Smuggling
View allSame technique Authentication Bypass
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today