CVE-2025-24030 : Envoy Gateway is an open source project for managing Envoy Proxy as a standalone

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.

Published 2025-01-23 03:20:28

Updated 2025-01-23 04:15:07

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2025-24030

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2025-24030

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 39 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2025-24030

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.1	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H	N/A	N/A	GitHub, Inc.	2025-01-23
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: High
7.1	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H	2.8	4.2	GitHub, Inc.	2025-01-23
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: High
7.1	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H	N/A	N/A	RedHat-CVE-2025-24030	2025-01-23
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: High

CWE ids for CVE-2025-24030

CWE-419 Unprotected Primary Channel

The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.
Assigned by:
- a0819718-46f1-4df5-94e2-005712e83aaa (Primary)
- security-advisories@github.com (Primary)

References for CVE-2025-24030

https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge

Configuring Envoy as an edge proxy — envoy 1.29.0-dev-2efbe2 documentation
https://github.com/envoyproxy/gateway/commit/3eb3301ab3dbf12b201b47bdb6074d1233be07bd

Merge commit from fork · envoyproxy/gateway@3eb3301 · GitHub
https://github.com/envoyproxy/gateway/security/advisories/GHSA-j777-63hf-hx76

Envoy Admin Interface Exposed through prometheus metrics endpoint · Advisory · envoyproxy/gateway · GitHub
https://www.envoyproxy.io/docs/envoy/latest/operations/admin

Administration interface — envoy 1.34.0-dev-41d8cc documentation

Jump to

Vulnerability Details : CVE-2025-24030

Products affected by CVE-2025-24030

Exploit prediction scoring system (EPSS) score for CVE-2025-24030

CVSS scores for CVE-2025-24030

CWE ids for CVE-2025-24030

References for CVE-2025-24030