Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-24030
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-23 Jan, 2025 | 04:15
Updated At-04 Sep, 2025 | 14:02

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CPE Matches
envoyproxy
envoyproxy
>>gateway>>Versions before 1.2.6(exclusive)
cpe:2.3:a:envoyproxy:gateway:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-419Primarysecurity-advisories@github.com
CWE ID: CWE-419
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/envoyproxy/gateway/commit/3eb3301ab3dbf12b201b47bdb6074d1233be07bdsecurity-advisories@github.com
Patch
https://github.com/envoyproxy/gateway/security/advisories/GHSA-j777-63hf-hx76security-advisories@github.com
Third Party Advisory
Mitigation
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edgesecurity-advisories@github.com
Product
https://www.envoyproxy.io/docs/envoy/latest/operations/adminsecurity-advisories@github.com
Product
Hyperlink: https://github.com/envoyproxy/gateway/commit/3eb3301ab3dbf12b201b47bdb6074d1233be07bd
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/envoyproxy/gateway/security/advisories/GHSA-j777-63hf-hx76
Source: security-advisories@github.com
Resource:
Third Party Advisory
Mitigation
Hyperlink: https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge
Source: security-advisories@github.com
Resource:
Product
Hyperlink: https://www.envoyproxy.io/docs/envoy/latest/operations/admin
Source: security-advisories@github.com
Resource:
Product
Change History
0Changes found
Details not found