Moderate severity · NVD Advisory · Published Oct 28, 2025 · Updated Apr 17, 2026
Consul's KV endpoint is vulnerable to denial of service
CVE-2025-11374
Description
Consul and Consul Enterprise's ("Consul") key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content-Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/hashicorp/consul (Go) | < 1.22.0 | 1.22.0 |
Affected products (11)
- osv-coords, 9 versions (< 1.22.1-r2 + 8 more):
  - pkg:apk/chainguard/consul-1.22
  - pkg:apk/chainguard/consul-1.22-oci-entrypoint
  - pkg:apk/chainguard/consul-1.22-oci-entrypoint-compat
  - pkg:apk/chainguard/consul-fips-1.22
  - pkg:apk/chainguard/consul-fips-1.22-oci-entrypoint
  - pkg:apk/chainguard/consul-fips-1.22-oci-entrypoint-compat
  - pkg:bitnami/consul
  - pkg:golang/github.com/hashicorp/consul
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 1.22.1-r2
- (no CPE) range: < 1.22.1-r2
- (no CPE) range: < 1.22.1-r2
- (no CPE) range: < 1.22.2-r1
- (no CPE) range: < 1.22.2-r1
- (no CPE) range: < 1.22.2-r1
- (no CPE) range: < 1.22.0
- (no CPE) range: < 1.22.0
- (no CPE) range: < 0.0.20251105T184115-1.1
- Range: 0
References (7)
- github.com/advisories/GHSA-7g3r-8c6v-hfmr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-11374 (ghsa, ADVISORY)
- discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724 (ghsa, WEB)
- github.com/hashicorp/consul/commit/72a358cd02533477536ad4bd2b781f520fa7fac6 (ghsa, WEB)
- github.com/hashicorp/consul/pull/22916 (ghsa, WEB)
- github.com/hashicorp/consul/releases/tag/v1.22.0 (ghsa, WEB)
- pkg.go.dev/vuln/GO-2025-4081 (ghsa, WEB)