CVE-2025-46821

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-46821
Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing the `*` character will not match a URI template expressions. This can result in bypass of RBAC rules when configured using the `uri_template` permissions. This vulnerability is fixed in Envoy versions v1.34.1, v1.33.3, v1.32.6, v1.31.8. As a workaround, configure additional RBAC permissions using `url_path` with `safe_regex` expression.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/envoyproxy/envoy/security/advisories/GHSA-c7cm-838g-6g67
Configurations

No configuration.

History

08 May 2025, 14:39

Type Values Removed Values Added
Summary
  • (es) Envoy es un proxy de borde, intermedio y de servicio nativo de la nube. En versiones anteriores a las 1.34.1, 1.33.3, 1.32.6 y 1.31.8, el comparador de plantillas de URI de Envoy excluía incorrectamente el carácter `*` de un conjunto de caracteres válidos en la ruta de URI. Como resultado, una ruta de URI que contenga el carácter `*` no coincidirá con las expresiones de plantilla de URI. Esto puede provocar la omisión de las reglas RBAC al configurarse con los permisos `uri_template`. Esta vulnerabilidad se ha corregido en las versiones 1.34.1, 1.33.3, 1.32.6 y 1.31.8 de Envoy. Como workaround, configure permisos RBAC adicionales mediante `url_path` con la expresión `safe_regex`.

07 May 2025, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-07 22:15

Updated : 2025-05-08 14:39

NVD link : CVE-2025-46821

Mitre link : CVE-2025-46821

CVE.ORG link : CVE-2025-46821

JSON object : View

Products Affected

No product.

CWE
CWE-186

Overly Restrictive Regular Expression