
CVE-2025-46821 – Envoy vulnerable to bypass of RBAC uri_template permission
https://notcve.org/view.php?id=CVE-2025-46821
07 May 2025 — Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from the set of valid characters in a URI path. As a result, a URI path containing the `*` character will not match URI template expressions. This can result in a bypass of RBAC rules when they are configured using `uri_template` permissions. This vulnerability is fixed in Envoy versions v1.34.1, v1.33.3, v1.32.6, and v1.31.8. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-c7cm-838g-6g67 • CWE-186: Overly Restrictive Regular Expression •

CVE-2025-30157 – Envoy crashes when HTTP ext_proc processes local replies
https://notcve.org/view.php?id=CVE-2025-30157
28 Feb 2025 — Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server, due to a filter lifetime issue. A known case is a failed WebSocket handshake, which triggers a local reply and leads to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10. These are all security issues fixed in the istioctl-1.25.1-1.1 package on the... • https://github.com/envoyproxy/envoy/commit/8eda1b8ef5ba8663d16a737ab99458c039a9b53c • CWE-460: Improper Cleanup on Thrown Exception •

CVE-2024-32475 – Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes
https://notcve.org/view.php?id=CVE-2024-32475
18 Apr 2024 — Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of the Envoy process. Envoy does not gracefully handle the error when setting SNI for an outbound TLS connection. The error occurs when Envoy attempts to use a `host`/`:authority` header value longer than 255 characters as the SNI for the outbound TLS connection. SNI length is limited to 2... • https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704b7bad382 • CWE-253: Incorrect Check of Function Return Value CWE-617: Reachable Assertion •