Log Injection Vulnerability in OpenShift Service Mesh by Red Hat
CVE-2025-0754

4.3MEDIUM

Key Information:

Status
Openshift Service Mesh 2
Vendor
CVE Published:
28 January 2025

What is CVE-2025-0754?

An issue has been identified in OpenShift Service Mesh versions 2.6.3 and 2.5.6, stemming from improper sanitization of HTTP headers by Envoy, specifically the x-forwarded-for header. This flaw permits attackers to inject malicious payloads into service mesh logs, facilitating log injection and spoofing attacks. Consequently, this exploitation can distort logging processes, allowing adversaries to manipulate log entries or potentially execute reflected cross-site scripting (XSS) attacks, posing significant risks to the overall integrity and security of the environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/security/cve/CVE-2025-0754
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2339147
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.