What is the CVSS score of CVE-2025-66220?

CVE-2025-66220 has a CVSS 3.1 base score of 5.0 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Envoy are affected by CVE-2025-66220?

Organizations using Envoy should be aware of moderate risk from CVE-2025-66220 rated CVSS 5.0. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2025-66220?

Yes, a public proof-of-concept exploit is available for CVE-2025-66220. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-66220?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Envoy CVE-2025-66220

EUVD-2025-201090 MEDIUM

Improper Null Termination (CWE-170)

2025-12-03 security-advisories@github.com

GHSA-rwjg-c3h2-f57p

Information Disclosure Debian Envoy Red Hat

5.0

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

5.0 MEDIUM

AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

Red Hat

5.0 MEDIUM

qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-201090

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

PoC Detected

Dec 05, 2025 - 15:44 vuln.today

Public exploit code

CVE Published

Dec 03, 2025 - 19:15 nvd

MEDIUM 5.0

DescriptionGitHub Advisory

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.

Analysis

Technical ContextAI

This vulnerability is classified as Improper Null Termination (CWE-170).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Vendor StatusVendor

Debian

Bug #987544

envoyproxy

Release	Status	Fixed Version	Urgency
	open	-	-

CVE-2025-66220 vulnerability details – vuln.today

Back

Envoy CVE-2025-66220

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

Analysis

Technical ContextAI

RemediationAI

Vendor StatusVendor

Debian

Share

External POC / Exploit Code