CVE-2025-25294

Published: Mar 6, 2025

Modified: Mar 6, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the attacker uses a specially crafted user-agent which performs json injection, then he could add and overwrite fields to the access log. This vulnerability is fixed in 1.3.1 and 1.2.7. One can overwrite the old text based default format with JSON formatter by modifying the "EnvoyProxy.spec.telemetry.accessLog" setting.

Vendor	Product	Versions
envoyproxy	gateway	affected `>= 1.3.0-rc.1, < 1.3.1` affected `< 1.2.7`

Weaknesses (CWE)

CWE-117

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://github.com/envoyproxy/gateway/security/advisories/GHSA-mf24-chxh-hmvj

x_refsource_CONFIRM

https://github.com/envoyproxy/gateway/commit/8f48f5199cf1bbb9a8ac0695c5171bfef6c9198a

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-25294

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References