216.73.217.176

CVE-2025-11374

· Published 28/10/2025 21:15 · Modified 28/10/2025 21:15

Labels: CVE-2025-11374 2025-10-28CVE-2025-11374CWE-770[email protected]

Essential information

Published
28/10/2025 21:15
Modified
28/10/2025 21:15
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
hashicorp / consul cpe:2.3:a:hashicorp:consul:1.22.0:*:*:*:*:*:*:*
hashicorp / consul cpe:2.3:a:hashicorp:consul:1.21.6:*:*:*:*:*:*:*
hashicorp / consul cpe:2.3:a:hashicorp:consul:1.20.8:*:*:*:*:*:*:*
hashicorp / consul cpe:2.3:a:hashicorp:consul:1.18.12:*:*:*:*:*:*:*

References