Use-After-Free Vulnerability in Envoy Proxy by Envoy Project
CVE-2025-54588

7.5HIGH

Key Information:

Vendor

Envoyproxy

Status
Envoy
Vendor
CVE Published:
2 September 2025

What is CVE-2025-54588?

A use-after-free vulnerability exists in Envoy's DNS cache, leading to unexpected process termination. This flaw arises from Envoy's Dynamic Forward Proxy feature, particularly when a completion callback for a DNS resolution triggers new DNS resolutions or cancels pending resolutions. This scenario is more likely if the dynamic forwarding filter is enabled and specific runtime flags are set. The vulnerability is mitigated in versions 1.34.5 and 1.35.1. For users unable to upgrade, setting the 'envoy.reloadable_features.dfp_cluster_resolves_hosts' runtime flag to false can help avoid exploitation.

Affected Version(s)

envoy >= 1.34.0, < 1.34.5 < 1.34.0, 1.34.5

envoy >= 1.35.0, < 1.35.1 < 1.35.0, 1.35.1

References

https://github.com/envoyproxy/envoy/security/advisories/G...
x_refsource_CONFIRM
https://github.com/envoyproxy/envoy/releases/tag/v1.34.5
x_refsource_MISC
https://github.com/envoyproxy/envoy/releases/tag/v1.35.1
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.