CVE-2025-62409
Severity: HIGH
Envoy < 1.36.1, 1.35.5, 1.34.9, 1.33.10 - Denial of Service via TCP Connection Pool Flow Control
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can trigger a crash in Envoy's TCP connection pool because of how it manages flow control. The crash occurs when the connection is closing while upstream data is still arriving, which causes the buffer watermark callback to be invoked through a null pointer. The vulnerability affects TCP proxy deployments and mixed HTTP/1 and HTTP/2 use cases that select the protocol via ALPN. It is fixed in 1.36.1, 1.35.5, 1.34.9, and 1.33.10.
References (1)
Vendor Advisory (x_refsource_confirm):
https://github.com/envoyproxy/envoy/security/advisories/GHSA-pq33-4jxh-hgm3
Scores
CVSS v3: 7.5
EPSS: 0.0042
EPSS Percentile: 33.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-476 (NULL Pointer Dereference)
Status: published
Products (2)
envoyproxy/envoy 1.36.0
envoyproxy/envoy < 1.33.11
Published: Oct 16, 2025
Tracked Since: Feb 18, 2026