VDB
GO-2025-3504
GO-2025-3504
PUBLISHED
Envoy Gateway Log Injection Vulnerability in github.com/envoyproxy/gateway
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | envoyproxy/gateway | 0, 1.3.0-rc.1, 0 |
Timeline
- Mar 10, 2025 CVE Published
- Feb 4, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/envoyproxy/gateway/security/advisories/GHSA-mf24-chxh-hmvj advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-25294 advisory
- https://github.com/envoyproxy/gateway/commit/041d474a70d5921e5d65e6e14ea60e14dac70b01 patch
- https://github.com/envoyproxy/gateway/commit/358bed50dcb7b32f39a2edb252fb1399c7fc65dc patch
- https://github.com/envoyproxy/gateway/commit/8f48f5199cf1bbb9a8ac0695c5171bfef6c9198a patch
- https://github.com/envoyproxy/gateway/releases/tag/v1.2.7 url
- https://github.com/envoyproxy/gateway/releases/tag/v1.3.1 url