CVE-2025-11230 — Inefficient Algorithmic Complexity in Technologies Haproxy Community Edition

CWE-407 — Inefficient Algorithmic Complexity9 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haproxy Technologies Haproxy Community Edition Haproxy Haproxy Aloha Appliance +7 more

Timeline

PublishedNov 19

Description

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

▶debiandebian/haproxy< haproxy 2.6.12-1+deb12u3 (bookworm)

▶NVDhaproxy/haproxy2.4.0 — 2.4.30+5

▶NVDhaproxy/aloha_appliance14.5.0 — 14.5.33+3

▶NVDhaproxy/kubernetes_ingress_controller1.10.10-ee1 — 1.11.12-ee10+3

▶CVEListV5haproxy_technologies/haproxy_community_edition2.4.0 — 2.4.30+5

🔴Vulnerability Details

GHSA

GHSA-fc36-5gc3-jmhx: Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests↗2025-11-19

▶

OSV

CVE-2025-11230: Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests↗2025-11-19

▶

📋Vendor Advisories

Microsoft

Denial of service vulnerability in HAProxy mjson library↗2025-11-11

▶

Ubuntu

HAProxy vulnerability↗2025-10-06

▶

Red Hat

haproxy: denial of service vulnerability in HAProxy mjson library↗2025-10-03

▶

Debian

CVE-2025-11230: haproxy - Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to ...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2026-26081 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-26080 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶