4 matches found
CVE-2025-24030
A flaw was found in Envoy Gateway. This vulnerability allows a user with access to a Kubernetes cluster where Envoy Gateway is installed to use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can terminate the Envoy proces...
CVE-2025-24030 vulnerabilities
Vulnerabilities for packages: envoy-gateway...
CVE-2025-24030 vulnerabilities
Vulnerabilities for packages: envoy-gateway...
CVE-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...