CVE-2025-46821 — Overly Restrictive Regular Expression in Envoy

CWE-186 — Overly Restrictive Regular Expression CWE-129 — Improper Validation of Array Index2 documents2 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 80.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Envoyproxy Envoy Msrc Azl3 Kernel 6.6.47.1-1 ON Azure Linux 3.0 Msrc Azl3 Kernel 6.6.51.1-5 ON Azure Linux 3.0 +3 more

Timeline

Latest updateSep 10

PublishedMay 7

Description

Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing the `*` character will not match a URI template expressions. This can result in bypass of RBAC rules when configured using the `uri_template` permissions. This vulnerability is fixed in Envoy versions v1.34.1, v1.33.3, v1.32.6, v1.31.8. As a worka…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages7 packages

▶NVDenvoyproxy/envoy1.32.0 — 1.32.6+3

▶CVEListV5envoyproxy/envoy>= 1.32.0, < 1.32.6, >= 1.33.0, < 1.33.3, >= 1.34.0, < 1.34.1+2

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

▶msrcmsrc/azl3_kernel_6.6.47.1-1_on_azure_linux_3.0

📋Vendor Advisories

Microsoft

drm/amd/pm: Fix negative array index read↗2024-09-10

▶