Vulnerabilities

CVE-2025-66220

by Fred · 03/12/2025

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte () inside an OTHERNAME SAN value as valid matches.

More information : https://github.com/envoyproxy/envoy/security/advisories/GHSA-rwjg-c3h2-f57p

Similar

Tags: Cybersecurity Alert