Envoy allows large requests and responses to cause TCP connection...

6.6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

Description

Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is still coming, resulting in a buffer watermark callback nullptr reference. The vulnerability impacts TCP proxy and HTTP 1 & 2 mixed use cases based on ALPN. This vulnerability is fixed in 1.36.1, 1.35.5, 1.34.9, and 1.33.10.

Basic Information

ID CVE-2025-62409

Source GitHub_M

Published Oct 16, 2025 at 17:47

Affected Product

Vendor envoyproxy

Product envoy

Version >= 1.36.0, < 1.36.1

Affected Versions envoyproxy envoy >= 1.36.0, < 1.36.1
envoyproxy envoy >= 1.35.0, < 1.35.5
envoyproxy envoy >= 1.34.0, < 1.34.9
envoyproxy envoy < 1.33.10

CWE Classification

CWE-476

References

github.com /envoyproxy/envoy/security/advisories/GHSA-pq33-4jxh-hgm3

{
    "lastseen": "",
    "description": "Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is still coming, resulting in a buffer watermark callback nullptr reference. The vulnerability impacts TCP proxy and HTTP 1 & 2 mixed use cases based on ALPN. This vulnerability is fixed in 1.36.1, 1.35.5, 1.34.9, and 1.33.10.",
    "published": "2025-10-16T17:47:25.585Z",
    "modified": "2025-10-16T17:47:25.585Z",
    "type": "cve",
    "title": "Envoy allows large requests and responses to cause TCP connection pool crash",
    "source": "GitHub_M",
    "references": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pq33-4jxh-hgm3",
    "id": "CVE-2025-62409",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476"
    ],
    "cvelist": null,
    "sourceData": "envoyproxy envoy >= 1.36.0, < 1.36.1\nenvoyproxy envoy >= 1.35.0, < 1.35.5\nenvoyproxy envoy >= 1.34.0, < 1.34.9\nenvoyproxy envoy < 1.33.10",
    "sourceHref": "",
    "cvss": {
        "score": 6.6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "envoy",
    "version": ">= 1.36.0, < 1.36.1",
    "vendor": "envoyproxy",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Envoy allows large requests and responses to cause TCP connection pool crash_CVE-2025-62409