CVE-2025-11375
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-12-22
Assigner: HashiCorp Inc.
Description
The event endpoint in Consul and Consul Enterprise ("Consul") is vulnerable to denial of service (DoS) because no maximum value is enforced on the Content-Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hashicorp | consul | to 1.18.12 (exc) |
| hashicorp | consul | to 1.22.0 (exc) |
| hashicorp | consul | From 1.19.0 (inc) to 1.20.8 (exc) |
| hashicorp | consul | From 1.21.0 (inc) to 1.21.6 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |