CVE-2025-0752 HIGH

CVE-2025-0752: Envoyproxy: OpenShift Service Mesh Envoy HTTP header sanitization bypass leading to DoS and unauthorized access

Vendor: Red Hat
Product: OpenShift Service Mesh 2
Weakness: CWE-444 (Inconsistent Interpretation of HTTP Requests, "HTTP Request/Response Smuggling")
Published: January 28, 2025
Last update: February 24, 2026

CVSS base score

7.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

Description

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Because Envoy does not properly sanitize HTTP headers, rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible.

Key dates

Disclosure timeline

January 28, 2025: CVE published
February 24, 2026: Record updated