CVE-2025-25294
MEDIUM5.3EPSS 0.36%Envoy Gateway Log Injection Vulnerability in github.com/envoyproxy/gateway
發布日:2025/3/6修改日:2026/2/4
描述
Envoy Gateway Log Injection Vulnerability in github.com/envoyproxy/gateway
受影響套件(3)
- Bitnami/envoy-gatewayfrom 0, < 1.2.7, >= 1.3.0, < 1.3.1
- Go/github.com/envoyproxy/gatewayfrom 0, < 1.2.7
- Go/github.com/envoyproxy/gatewayfrom 0, < 1.2.7, >= 1.3.0-rc.1, < 1.3.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-25294
- PATCHhttps://github.com/envoyproxy/gateway
- WEBhttps://github.com/envoyproxy/gateway/commit/041d474a70d5921e5d65e6e14ea60e14dac70b01
- WEBhttps://github.com/envoyproxy/gateway/commit/358bed50dcb7b32f39a2edb252fb1399c7fc65dc
- WEBhttps://github.com/envoyproxy/gateway/commit/8f48f5199cf1bbb9a8ac0695c5171bfef6c9198a
- WEBhttps://github.com/envoyproxy/gateway/releases/tag/v1.2.7
- WEBhttps://github.com/envoyproxy/gateway/releases/tag/v1.3.1
- WEBhttps://github.com/envoyproxy/gateway/security/advisories/GHSA-mf24-chxh-hmvj
- WEBhttps://pkg.go.dev/vuln/GO-2025-3504