Vulnerability Description
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Envoyproxy | Gateway | < 1.2.6 |
Related Weaknesses (CWE)
References
- https://github.com/envoyproxy/gateway/commit/3eb3301ab3dbf12b201b47bdb6074d1233bPatch
- https://github.com/envoyproxy/gateway/security/advisories/GHSA-j777-63hf-hx76MitigationThird Party Advisory
- https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edgeProduct
- https://www.envoyproxy.io/docs/envoy/latest/operations/adminProduct
FAQ
What is CVE-2025-24030?
CVE-2025-24030 is a vulnerability with a CVSS score of 7.1 (HIGH). Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack t...
How severe is CVE-2025-24030?
CVE-2025-24030 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-24030?
Check the references section above for vendor advisories and patch information. Affected products include: Envoyproxy Gateway.