Vulnerability Description
OpenTelemetry dotnet is a .NET telemetry framework. A vulnerability in the OpenTelemetry.Api package, versions 1.10.0 to 1.11.1, could cause a Denial of Service (DoS) when tracestate and traceparent headers are received. Even if an application does not explicitly use trace context propagation, receiving these headers can still trigger high CPU usage. This issue impacts any application accessible over the web and any backend service that processes HTTP requests containing a tracestate header. Applications may experience excessive resource consumption, leading to increased latency, degraded performance, or downtime. This vulnerability is fixed in 1.11.2.
CVSS Score
HIGH
References
- https://github.com/open-telemetry/opentelemetry-dotnet/commit/1b555c1201413f2f55
- https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-
FAQ
What is CVE-2025-27513?
CVE-2025-27513 is a vulnerability with a CVSS score of 7.5 (HIGH). It affects the OpenTelemetry.Api package, versions 1.10.0 to 1.11.1, and could cause a Denial of Service (DoS).
How severe is CVE-2025-27513?
CVE-2025-27513 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-27513?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.
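To find out whether a project resolves an affected OpenTelemetry.Api version, including as a transitive dependency, the sketch below scans a NuGet `packages.lock.json` for versions in the 1.10.0 to 1.11.1 range given above. It is an added example, not code from this page or from the OpenTelemetry project; it assumes lock files are enabled for the project, and the sample lock file and function names are constructed for illustration.

```python
import json

PACKAGE = "OpenTelemetry.Api"
FIRST_AFFECTED = (1, 10, 0)   # affected range as stated on this page
LAST_AFFECTED = (1, 11, 1)
FIXED = "1.11.2"

def parse_version(text):
    """Return the numeric (major, minor, patch) part of a NuGet version string."""
    core = text.split("+")[0].split("-")[0]   # drop build metadata and prerelease label
    parts = [int(p) for p in core.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    # Assumption: a prerelease build is judged by its numeric part only.
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED

def find_affected(lock_text):
    """List (framework, dependency type, resolved version) for affected entries."""
    lock = json.loads(lock_text)
    hits = []
    for framework, deps in lock.get("dependencies", {}).items():
        for name, info in deps.items():
            # NuGet package IDs are case-insensitive.
            if name.lower() == PACKAGE.lower() and is_affected(info.get("resolved", "0")):
                hits.append((framework, info.get("type", "?"), info["resolved"]))
    return hits

# Constructed sample: one target pulls the package in transitively, one is already fixed.
SAMPLE_LOCK = """
{
  "version": 1,
  "dependencies": {
    "net8.0": {
      "OpenTelemetry": {"type": "Direct", "requested": "[1.11.1, )", "resolved": "1.11.1"},
      "OpenTelemetry.Api": {"type": "Transitive", "resolved": "1.11.1"}
    },
    "net9.0": {
      "OpenTelemetry.Api": {"type": "Direct", "requested": "[1.11.2, )", "resolved": "1.11.2"}
    }
  }
}
"""

if __name__ == "__main__":
    for framework, kind, version in find_affected(SAMPLE_LOCK):
        print(f"{framework}: {PACKAGE} {version} ({kind}) is affected; upgrade to {FIXED}")
```

A transitive hit means the package is not referenced in the project file itself, so the fix is to update the parent package or add a direct reference to the fixed version.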