CVE-2025-11375 MEDIUM

CVE-2025-11375: Consul's event endpoint is vulnerable to denial of service

Vendor HashiCorp
Product Consul
Weakness CWE-770 · Uncontrolled resource consumption
Published October 28, 2025
Last update December 9, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

The event endpoint of Consul and Consul Enterprise (“Consul”) is vulnerable to denial of service (DoS) because no maximum value is enforced on the Content-Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
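The general mitigation for this weakness class, shown as an added Go example that is not Consul's code or its actual patch: reject a request whose declared Content-Length exceeds a cap, and also cap the bytes actually read, since a chunked request carries no Content-Length. The handler name, the `/event` path and the 512 KiB limit are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxEventBody is an assumed cap for this illustration, not a value taken from Consul.
const maxEventBody = 512 << 10 // 512 KiB

// boundedEventHandler is a hypothetical handler that bounds its request body.
func boundedEventHandler(w http.ResponseWriter, r *http.Request) {
	if r.ContentLength > maxEventBody { // declared length already over the cap
		http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
		return
	}
	// Content-Length may be absent (-1 for chunked bodies), so cap the read itself too.
	r.Body = http.MaxBytesReader(w, r.Body, maxEventBody)
	payload, err := io.ReadAll(r.Body)
	var tooBig *http.MaxBytesError
	if errors.As(err, &tooBig) {
		http.Error(w, "payload too large", http.StatusRequestEntityTooLarge)
		return
	}
	if err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "accepted %d bytes", len(payload))
}

// statusFor sends a constructed n-byte body; chunked=true drops the Content-Length.
func statusFor(n int, chunked bool) int {
	req := httptest.NewRequest(http.MethodPut, "/event", strings.NewReader(strings.Repeat("A", n)))
	if chunked {
		req.ContentLength = -1
	}
	rec := httptest.NewRecorder()
	boundedEventHandler(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor(1024, false), statusFor(maxEventBody+1, false), statusFor(maxEventBody+1, true))
}
```

Without the first check the server commits to a read before looking at the declared size; without `http.MaxBytesReader` a body sent with no Content-Length would be read in full.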

Key dates

02 Disclosure timeline

October 28, 2025 CVE published
December 9, 2025 Record updated