Back to search
CVE-2025-49763
Published: Jun 19, 2025
Modified: Jun 20, 2025
PUBLISHED
Description
ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Traffic Server | affected 10.0.0 - <= 10.0.5affected 9.0.0 - <= 9.2.10 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now