CVE Vulnerabilities

CVE-2025-30157

Improper Cleanup on Thrown Exception

Published: Mar 21, 2025 | Modified: Mar 21, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoys ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filters life time issue. A known situation is the failure of a websocket handshake will trigger a local reply leading to the crash of Envoy. This vulnerability is fixed in 1.33.1, 1.32.4, 1.31.6, and 1.30.10.

Weakness

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

Potential Mitigations

References