Skip to main content

Openshift Service Mesh CVE-2025-0752

HIGH
HTTP Request/Response Smuggling (CWE-444)
2025-01-28 secalert@redhat.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Red Hat
7.1 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:06 vuln.today
CVE Published
Jan 28, 2025 - 10:15 nvd
HIGH 7.1

DescriptionCVE.org

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.

AnalysisAI

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as HTTP Request/Response Smuggling (CWE-444), which allows attackers to manipulate HTTP request interpretation between frontend and backend servers. A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy. Affected products include: Redhat Openshift Service Mesh.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict HTTP parsing, normalize requests at proxy layer, use HTTP/2 end-to-end, reject ambiguous headers.

CVE-2020-27846 CRITICAL POC
9.8 Dec 21

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2020-1764 HIGH POC
8.6 Mar 26

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to

CVE-2019-9900 HIGH POC
8.3 Apr 25

When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). R

CVE-2021-3495 HIGH
8.8 Jun 01

An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. Rated high

CVE-2020-1762 HIGH
8.6 Apr 27

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version

CVE-2020-1704 HIGH
7.8 Feb 17

An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maist

CVE-2020-8661 HIGH
7.5 Mar 04

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. Rate

CVE-2020-8659 HIGH
7.5 Mar 04

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many

CVE-2019-9518 HIGH
7.5 Aug 13

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. Rated

CVE-2019-9517 HIGH
7.5 Aug 13

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of s

CVE-2019-9515 HIGH
7.5 Aug 13

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. Rated high s

CVE-2019-9514 HIGH
7.5 Aug 13

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Rated high seve

Vendor StatusVendor

Share

CVE-2025-0752 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy