Denial of service vulnerability in HAProxy mjson library_CVE-2025-11230

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

Basic Information

ID CVE-2025-11230

Source canonical

Published Nov 19, 2025 at 09:28

Affected Product

Vendor HAProxy Technologies

Product HAProxy Community Edition

Version 2.4.0

Affected Versions HAProxy Technologies HAProxy Community Edition 2.4.0
HAProxy Technologies HAProxy Community Edition 2.6.0
HAProxy Technologies HAProxy Community Edition 2.8.0
HAProxy Technologies HAProxy Community Edition 3.0.0
HAProxy Technologies HAProxy Community Edition 3.1.0
HAProxy Technologies HAProxy Community Edition 3.2.0

CWE Classification

CWE-407

References

www.haproxy.com /blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability

{
    "lastseen": "",
    "description": "Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.",
    "published": "2025-11-19T09:28:39.750Z",
    "modified": "2025-11-19T09:28:39.750Z",
    "type": "cve",
    "title": "Denial of service vulnerability in HAProxy mjson library",
    "source": "canonical",
    "references": "https://www.haproxy.com/blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability",
    "id": "CVE-2025-11230",
    "bulletinFamily": "",
    "cwe": [
        "CWE-407"
    ],
    "cvelist": null,
    "sourceData": "HAProxy Technologies HAProxy Community Edition 2.4.0\nHAProxy Technologies HAProxy Community Edition 2.6.0\nHAProxy Technologies HAProxy Community Edition 2.8.0\nHAProxy Technologies HAProxy Community Edition 3.0.0\nHAProxy Technologies HAProxy Community Edition 3.1.0\nHAProxy Technologies HAProxy Community Edition 3.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HAProxy Community Edition",
    "version": "2.4.0",
    "vendor": "HAProxy Technologies",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}