6.5

CVE-2025-64527

Exploit

EPSS 0.01%
Veröffentlicht 03.12.2025 18:15:46
Zuletzt bearbeitet 05.12.2025 16:56:40
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS fetch fails, onJwksError() callback triggers processing of the second token, which calls fetch() again on the same fetcher object. The original callback's reset() then clears the second fetch's state (receiver_ and request_) which causes a crash when the async HTTP response arrives.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Envoyproxy ≫ Envoy Version < 1.33.13

Envoyproxy ≫ Envoy Version >= 1.34.0 < 1.34.11

Envoyproxy ≫ Envoy Version >= 1.35.0 < 1.35.7

Envoyproxy ≫ Envoy Version >= 1.36.0 < 1.36.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://github.com/envoyproxy/envoy/security/advisories/GHSA-mp85-7mrq-r866

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-64527

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64527

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64527

EUVD