CVE-2025-25294
MEDIUM5.3EPSS 0.36%Envoy Gateway Log Injection Vulnerability in github.com/envoyproxy/gateway
Published: 3/6/2025Modified: 2/4/2026
Description
Envoy Gateway Log Injection Vulnerability in github.com/envoyproxy/gateway
Affected packages (3)
- Bitnami/envoy-gatewayfrom 0, < 1.2.7, >= 1.3.0, < 1.3.1
- Go/github.com/envoyproxy/gatewayfrom 0, < 1.2.7
- Go/github.com/envoyproxy/gatewayfrom 0, < 1.2.7, >= 1.3.0-rc.1, < 1.3.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-25294
- PATCHhttps://github.com/envoyproxy/gateway
- WEBhttps://github.com/envoyproxy/gateway/commit/041d474a70d5921e5d65e6e14ea60e14dac70b01
- WEBhttps://github.com/envoyproxy/gateway/commit/358bed50dcb7b32f39a2edb252fb1399c7fc65dc
- WEBhttps://github.com/envoyproxy/gateway/commit/8f48f5199cf1bbb9a8ac0695c5171bfef6c9198a
- WEBhttps://github.com/envoyproxy/gateway/releases/tag/v1.2.7
- WEBhttps://github.com/envoyproxy/gateway/releases/tag/v1.3.1
- WEBhttps://github.com/envoyproxy/gateway/security/advisories/GHSA-mf24-chxh-hmvj
- WEBhttps://pkg.go.dev/vuln/GO-2025-3504