CVE-2025-62504 | Envoy up to 1.33.11/1.34.9/1.35.5/1.36.1 per_connection_buffer_limit_bytes use after free (GHSA-gcxr-6vrp-wff3)

Inserito da Angelo Barbosa | Ott 17, 2025 | CVE

A vulnerability has been found in Envoy up to 1.33.11/1.34.9/1.35.5/1.36.1 and classified as critical. Impacted is the function per_connection_buffer_limit_bytes. Performing manipulation results in use after free.

This vulnerability is known as CVE-2025-62504. Remote exploitation of the attack is possible. No exploit is available.

The affected component should be upgraded.

CVE-2025-62504 | Envoy up to 1.33.11/1.34.9/1.35.5/1.36.1 per_connection_buffer_limit_bytes use after free (GHSA-gcxr-6vrp-wff3)

Post correlati

CVE-2024-27959 | Wpexpertsio WC Shop Sync Plugin up to 4.2.9 on WordPress cross site scripting

CVE-2022-32507 | Nuki Bridge up to 2.12.3/3.3.4 BLE Command access control

CVE-2024-1301 | Badger Meter Monitool up to 4.6.3 j_username sql injection

CVE-2024-37300 | jupyterhub oauthenticator up to 16.3.0 authorization (GHSA-gprj-3p75-f996)