Moderate severityNVD Advisory· Published Mar 21, 2025· Updated Mar 21, 2025
Envoy crashes when HTTP ext_proc processes local replies
CVE-2025-30157
Description
Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/envoyproxy/envoyGo | < 1.30.10 | 1.30.10 |
github.com/envoyproxy/envoyGo | >= 1.31.0, < 1.31.6 | 1.31.6 |
github.com/envoyproxy/envoyGo | >= 1.32.0, < 1.32.4 | 1.32.4 |
github.com/envoyproxy/envoyGo | >= 1.33.0, < 1.33.1 | 1.33.1 |
Affected products
4- osv-coords3 versionspkg:bitnami/envoypkg:golang/github.com/envoyproxy/envoypkg:rpm/opensuse/istioctl&distro=openSUSE%20Tumbleweed
< 1.30.10+ 2 more
- (no CPE)range: < 1.30.10
- (no CPE)range: < 1.30.10
- (no CPE)range: < 1.25.1-1.1
- Range: >= 1.33.0, < 1.33.1
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-cf3q-gqg7-3fm9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-30157ghsaADVISORY
- github.com/envoyproxy/envoy/commit/8eda1b8ef5ba8663d16a737ab99458c039a9b53cghsax_refsource_MISCWEB
- github.com/envoyproxy/envoy/security/advisories/GHSA-cf3q-gqg7-3fm9ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.