CVE-2025-11375
published 2025-10-28

CVE-2025-11375: Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header…

Priority: P3 · 36 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.40% (32.0th percentile)
Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | | |
| github.com | hashicorp_consul | >= 0 < 1.22.0 | 1.22.0 |
| hashicorp | consul | < 1.18.12 | 1.18.12 |
| hashicorp | consul | < 1.22.0 | 1.22.0 |
| hashicorp | consul | >= 1.19.0 < 1.20.8 | 1.20.8 |
| hashicorp | consul | >= 1.21.0 < 1.21.6 | 1.21.6 |
| hashicorp | consul_enterprise | < 1.22.0 | 1.22.0 |

CVSS provenance

nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
ghsa: 6.5 MEDIUM
osv: 6.5 MEDIUM
vendor_debian: 6.5 MEDIUM
vendor_redhat: 6.5 MEDIUM