PT-2025-4039 · Red Hat · Openshift Service Mesh

Antony Di Scala

Published: 2025-01-28

Updated: 2025-07-31

CVE-2025-0752

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions: OpenShift Service Mesh versions 2.5.6 through 2.6.3

Description: A flaw was found in OpenShift Service Mesh due to improper HTTP header sanitization in Envoy. This may lead to rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks.

Recommendations: For versions 2.5.6 and 2.6.3, consider disabling the Envoy HTTP header handling functionality until a patch is available. Restrict access to the Envoy module to minimize the risk of exploitation. Avoid using unsanitized HTTP headers in the affected API endpoints until the issue is resolved.

Fix

Weakness Enumeration

HTTP Request/Response Smuggling

Related identifiers

CVE-2025-0752

Affected products

Openshift Service Mesh