PT-2025-44204 · Hashicorp · Hashicorp Consul
Julien Ahrens · Published 2025-10-28 · Updated 2025-12-22 · CVE-2025-11375
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Consul versions prior to 1.22.0
Consul Enterprise versions prior to 1.22.0
Consul Enterprise version 1.21.6
Consul Enterprise version 1.20.8
Consul Enterprise version 1.18.12
Description
The event endpoint in Consul and Consul Enterprise is susceptible to a denial of service (DoS) condition. The endpoint enforces no maximum value on the Content-Length header, so a malicious actor could exploit this to disrupt service availability.
Recommendations
Update Consul to version 1.22.0 or later.
Update Consul Enterprise to version 1.22.0 or later.
Update Consul Enterprise to version 1.21.6.
Update Consul Enterprise to version 1.20.8.
Update Consul Enterprise to version 1.18.12.
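The class of check the description says was missing, shown as an added Go example (not Consul's code and not the vendor's patch): an HTTP middleware that rejects an oversized declared Content-Length and also caps the bytes actually read. The names `limitBody`, `eventHandler`, `maxEventBody`, the `/event/` path and the 512 KiB limit are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
)

// maxEventBody is an assumed limit for this example; size it to real payloads.
const maxEventBody = 512 << 10 // 512 KiB

// limitBody refuses requests whose declared Content-Length exceeds max and
// caps the bytes actually read, which also covers chunked bodies that
// declare no length at all (ContentLength == -1).
func limitBody(max int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.ContentLength > max {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		r.Body = http.MaxBytesReader(w, r.Body, max)
		next.ServeHTTP(w, r)
	})
}

// eventHandler is a hypothetical endpoint that buffers the whole request body.
func eventHandler(w http.ResponseWriter, r *http.Request) {
	payload, err := io.ReadAll(r.Body)
	var tooBig *http.MaxBytesError
	if errors.As(err, &tooBig) {
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
		return
	}
	if err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "%d", len(payload))
}

func main() {
	mux := http.NewServeMux()
	mux.Handle("/event/", limitBody(maxEventBody, http.HandlerFunc(eventHandler)))
	_ = http.ListenAndServe("127.0.0.1:8080", mux)
}
```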
Fix
DoS
Allocation of Resources Without Limits
Affected Products
Hashicorp Consul
Hashicorp Consul Enterprise
Debian
Red Os