PT-2025-9996 · Unknown · Envoy Gateway+1

Denniskniep

Publicado

2025-03-06

Atualizado

2025-09-09

CVE-2025-25294

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Envoy Gateway versions prior to 1.2.7 Envoy Gateway versions prior to 1.3.1

Description The issue concerns a default Envoy Proxy access log configuration that is vulnerable to log injection attacks. An attacker can use a specially crafted user-agent to perform JSON injection, allowing them to add and overwrite fields in the access log.

Recommendations For versions prior to 1.2.7, update to version 1.2.7 to resolve the issue. For versions prior to 1.3.1, update to version 1.3.1 to resolve the issue. As a temporary workaround, consider modifying the EnvoyProxy.spec.telemetry.accessLog setting to use a JSON formatter instead of the old text-based default format.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-117

Identificadores relacionados

BIT-ENVOY-GATEWAY-2025-25294

CVE-2025-25294

GHSA-MF24-CHXH-HMVJ

GO-2025-3504

OPENSUSE-SU-2025:14889-1

Produtos afetados

Envoy Gateway

Envoyproxy

PT-2025-9996 · Unknown · Envoy Gateway+1

CVE-2025-25294

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 48