CVE-2025-11230

HIGH

HAProxy - DoS

Title source: llm

Description

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

References (1)

[Vendor Advisory] https://www.haproxy.com/blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability

Scores

CVSS v3 7.5

EPSS 0.0027

EPSS Percentile 50.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-407

Status published

Affected Products (50)

haproxy/aloha_appliance < 14.5.33

haproxy/haproxy < 2.4.30

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

haproxy/haproxy_enterprise

... and 35 more

Timeline

Published Nov 19, 2025

Tracked Since Feb 18, 2026