CVE-2025-0752

Name of the Vulnerable Software and Affected Versions OpenShift Service Mesh versions 2.5.6 through 2.6.3

Description A flaw was found in OpenShift Service Mesh due to improper HTTP header sanitization in Envoy. This may lead to rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks.

Recommendations For versions 2.5.6 and 2.6.3, consider disabling the Envoy HTTP header handling functionality until a patch is available. Restrict access to the Envoy module to minimize the risk of exploitation. Avoid using unsanitized HTTP headers in the affected API endpoints until the issue is resolved.