CVE-2025-62409: NULL Pointer Dereference in Envoy

Severity: 6.6 MEDIUM (NVD)
EPSS: 0.0% (top 98.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 16

Description

Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is still coming, resulting in a buffer watermark callback nullptr reference. The vulnerability impacts TCP proxy and HTTP 1 & 2 mixed use cases based on ALPN. This vulnerability is fixed in 1.36.1, 1.35.5, 1

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5 | envoyproxy/envoy | < 1.33.10 | +3
NVD | envoyproxy/envoy | 1.34.0 | 1.34.9 | +3

🔴 Vulnerability Details (1)

CVEList: Envoy allows large requests and responses to cause TCP connection pool crash (2025-10-16)

📋 Vendor Advisories (1)

Red Hat: envoy-main: Envoy TCP connection pool crash (2025-10-16)