CVE-2025-24030
HIGHDescription
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| envoyproxy | gateway |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-24030? +
How severe is CVE-2025-24030? +
What products are affected by CVE-2025-24030? +
How do I check if I'm vulnerable to CVE-2025-24030? +
Related Vulnerabilities
An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain …
The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has the 'adb' service open …
Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent …
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end …
TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with …
Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC …