VYPR
Moderate severityNVD Advisory· Published Oct 28, 2025· Updated Dec 9, 2025

Consul's event endpoint is vulnerable to denial of service

CVE-2025-11375

Description

Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/consulGo
< 1.22.01.22.0

Affected products

11

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.