cvedb.io
CVE-2025-0752
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2025-01-28T10:15:09.493 · Last modified 2026-06-17T08:27:05.760

Summary

A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.

Affected products

redhat — openshift_service_mesh

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.