CVE-2025-11230: Denial of service vulnerability in HAProxy mjson library

Published Nov 6, 2025

A flaw was found in HAProxy, stemming from an inefficient algorithmic complexity issue within its bundled mjson parsing library. This vulnerability is triggered when HAProxy is configured to analyze JSON content, such as with the json_query or jwt_payload_query function.

Other sources

Microsoft: Denial of service vulnerability in HAProxy mjson library

NVD: Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

Affected Software

205 affected components. Fixes available.
HAProxy HAProxy
Microsoft azl3 haproxy 2.9.11-3
Microsoft cbl2 haproxy 2.4.24-1
Microsoft cbl2 haproxy 2.4.24-2
Microsoft azl3 haproxy 2.9.11-4
HAProxy Aloha Appliance >=14.5.0 <14.5.33
HAProxy Aloha Appliance >=15.5.0 <15.5.28
HAProxy Aloha Appliance >=16.5.0 <16.5.19
HAProxy Aloha Appliance >=17.0.0 <17.0.7
HAProxy HAProxy >=2.4.0 <2.4.30
HAProxy HAProxy >=2.6.0 <2.6.23
HAProxy HAProxy >=2.8.0 <2.8.16
HAProxy HAProxy >=3.0.0 <3.0.12
HAProxy HAProxy >=3.1.0 <3.1.9
HAProxy HAProxy >=3.2.0 <3.2.6
HAProxy Haproxy Enterprise=2.4r1-1.0.0-253.271
HAProxy Haproxy Enterprise=2.4r1-1.0.0-254.271
HAProxy Haproxy Enterprise=2.4r1-1.0.0-259.342
HAProxy Haproxy Enterprise=2.4r1-1.0.0-263.343
HAProxy Haproxy Enterprise=2.4r1-1.0.0-264.356
HAProxy Haproxy Enterprise=2.4r1-1.0.0-268.356
HAProxy Haproxy Enterprise=2.4r1-1.0.0-268.373
HAProxy Haproxy Enterprise=2.4r1-1.0.0-268.459
HAProxy Haproxy Enterprise=2.4r1-1.0.0-268.464
HAProxy Haproxy Enterprise=2.4r1-1.0.0-268.477
HAProxy Haproxy Enterprise=2.4r1-1.0.0-268.499
HAProxy Haproxy Enterprise=2.4r1-1.0.0-268.553
HAProxy Haproxy Enterprise=2.4r1-1.0.0-268.560
HAProxy Haproxy Enterprise=2.4r1-1.0.0-268.564
HAProxy Haproxy Enterprise=2.4r1-1.0.0-268.596
HAProxy Haproxy Enterprise=2.4r1-1.0.0-269.596
HAProxy Haproxy Enterprise=2.4r1-1.0.0-269.599
HAProxy Haproxy Enterprise=2.4r1-1.0.0-270.616
HAProxy Haproxy Enterprise=2.4r1-1.0.0-271.673
HAProxy Haproxy Enterprise=2.4r1-1.0.0-271.677
HAProxy Haproxy Enterprise=2.4r1-1.0.0-272.683
HAProxy Haproxy Enterprise=2.4r1-1.0.0-272.686
HAProxy Haproxy Enterprise=2.4r1-1.0.0-272.728
HAProxy Haproxy Enterprise=2.4r1-1.0.0-274.752
HAProxy Haproxy Enterprise=2.4r1-1.0.0-276.752
HAProxy Haproxy Enterprise=2.4r1-1.0.0-277.814
HAProxy Haproxy Enterprise=2.4r1-1.0.0-277.831
HAProxy Haproxy Enterprise=2.4r1-1.0.0-278.838
HAProxy Haproxy Enterprise=2.4r1-1.0.0-279.852
HAProxy Haproxy Enterprise=2.4r1-1.0.0-279.859
HAProxy Haproxy Enterprise=2.4r1-1.0.0-279.877
HAProxy Haproxy Enterprise=2.4r1-1.0.0-279.911
HAProxy Haproxy Enterprise=2.4r1-1.0.0-279.940
HAProxy Haproxy Enterprise=2.4r1-1.0.0-279.952
HAProxy Haproxy Enterprise=2.4r1-1.0.0-279.953
HAProxy Haproxy Enterprise=2.4r1-1.0.0-279.956
HAProxy Haproxy Enterprise=2.4r1-1.0.0-280.956
HAProxy Haproxy Enterprise=2.4r1-1.0.0-282.998
HAProxy Haproxy Enterprise=2.4r1-1.0.0-282.999
HAProxy Haproxy Enterprise=2.4r1-1.0.0-284.999
HAProxy Haproxy Enterprise=2.4r1-1.0.0-285.1010
HAProxy Haproxy Enterprise=2.4r1-1.0.0-286.1064
HAProxy Haproxy Enterprise=2.4r1-1.0.0-286.1068
HAProxy Haproxy Enterprise=2.4r1-1.0.0-286.1089
HAProxy Haproxy Enterprise=2.4r1-1.0.0-286.1094
HAProxy Haproxy Enterprise=2.4r1-1.0.0-288.1094
HAProxy Haproxy Enterprise=2.4r1-1.0.0-288.1158
HAProxy Haproxy Enterprise=2.4r1-1.0.0-288.1167
HAProxy Haproxy Enterprise=2.4r1-1.0.0-288.1189
HAProxy Haproxy Enterprise=2.4r1-1.0.0-289.1189
HAProxy Haproxy Enterprise=2.4r1-1.0.0-290.1239
HAProxy Haproxy Enterprise=2.4r1-1.0.0-291.1246
HAProxy Haproxy Enterprise=2.4r1-1.0.0-292.1293
HAProxy Haproxy Enterprise=2.4r1-1.0.0-294.1346
HAProxy Haproxy Enterprise=2.4r1-1.0.0-294.1364
HAProxy Haproxy Enterprise=2.4r1-1.0.0-294.1376
HAProxy Haproxy Enterprise=2.4r1-1.0.0-294.1377
HAProxy Haproxy Enterprise=2.4r1-1.0.0-294.1442
HAProxy Haproxy Enterprise=2.6r1-1.0.0-281.466
HAProxy Haproxy Enterprise=2.6r1-1.0.0-282.561
HAProxy Haproxy Enterprise=2.6r1-1.0.0-283.562
HAProxy Haproxy Enterprise=2.6r1-1.0.0-283.565
HAProxy Haproxy Enterprise=2.6r1-1.0.0-283.616
HAProxy Haproxy Enterprise=2.6r1-1.0.0-283.632
HAProxy Haproxy Enterprise=2.6r1-1.0.0-283.633
HAProxy Haproxy Enterprise=2.6r1-1.0.0-283.636
HAProxy Haproxy Enterprise=2.6r1-1.0.0-284.636
HAProxy Haproxy Enterprise=2.6r1-1.0.0-285.726
HAProxy Haproxy Enterprise=2.6r1-1.0.0-285.727
HAProxy Haproxy Enterprise=2.6r1-1.0.0-287.727
HAProxy Haproxy Enterprise=2.6r1-1.0.0-288.770
HAProxy Haproxy Enterprise=2.6r1-1.0.0-288.773
HAProxy Haproxy Enterprise=2.6r1-1.0.0-288.848
HAProxy Haproxy Enterprise=2.6r1-1.0.0-288.849
HAProxy Haproxy Enterprise=2.6r1-1.0.0-289.1020
HAProxy Haproxy Enterprise=2.6r1-1.0.0-289.1028
HAProxy Haproxy Enterprise=2.6r1-1.0.0-289.1041
HAProxy Haproxy Enterprise=2.6r1-1.0.0-289.873
HAProxy Haproxy Enterprise=2.6r1-1.0.0-289.975
HAProxy Haproxy Enterprise=2.6r1-1.0.0-289.976
HAProxy Haproxy Enterprise=2.6r1-1.0.0-291.1046
HAProxy Haproxy Enterprise=2.6r1-1.0.0-292.1046
HAProxy Haproxy Enterprise=2.6r1-1.0.0-292.1055
HAProxy Haproxy Enterprise=2.6r1-1.0.0-292.1120
HAProxy Haproxy Enterprise=2.6r1-1.0.0-292.1147
HAProxy Haproxy Enterprise=2.6r1-1.0.0-292.1148
HAProxy Haproxy Enterprise=2.6r1-1.0.0-292.1156
HAProxy Haproxy Enterprise=2.6r1-1.0.0-292.1181
HAProxy Haproxy Enterprise=2.6r1-1.0.0-292.1187
HAProxy Haproxy Enterprise=2.6r1-1.0.0-293.1189
HAProxy Haproxy Enterprise=2.6r1-1.0.0-293.1190
HAProxy Haproxy Enterprise=2.6r1-1.0.0-294.1212
HAProxy Haproxy Enterprise=2.6r1-1.0.0-294.1285
HAProxy Haproxy Enterprise=2.6r1-1.0.0-295.1303
HAProxy Haproxy Enterprise=2.6r1-1.0.0-296.1392
HAProxy Haproxy Enterprise=2.6r1-1.0.0-296.1416
HAProxy Haproxy Enterprise=2.6r1-1.0.0-299.1416
HAProxy Haproxy Enterprise=2.6r1-1.0.0-299.1474
HAProxy Haproxy Enterprise=2.6r1-1.0.0-299.1487
HAProxy Haproxy Enterprise=2.6r1-1.0.0-299.1511
HAProxy Haproxy Enterprise=2.6r1-1.0.0-299.1542
HAProxy Haproxy Enterprise=2.6r1-1.0.0-299.1557
HAProxy Haproxy Enterprise=2.6r1-1.0.0-299.1596
HAProxy Haproxy Enterprise=2.6r1-1.0.0-299.1603
HAProxy Haproxy Enterprise=2.6r1-1.0.0-299.1606
HAProxy Haproxy Enterprise=2.6r1-1.0.0-299.1618
HAProxy Haproxy Enterprise=2.6r1-1.0.0-300.1666
HAProxy Haproxy Enterprise=2.6r1-1.0.0-301.1666
HAProxy Haproxy Enterprise=2.8r1-1.0.0-302.234
HAProxy Haproxy Enterprise=2.8r1-1.0.0-304.266
HAProxy Haproxy Enterprise=2.8r1-1.0.0-305.279
HAProxy Haproxy Enterprise=2.8r1-1.0.0-305.285
HAProxy Haproxy Enterprise=2.8r1-1.0.0-306.288
HAProxy Haproxy Enterprise=2.8r1-1.0.0-306.289
HAProxy Haproxy Enterprise=2.8r1-1.0.0-307.317
HAProxy Haproxy Enterprise=2.8r1-1.0.0-310.350
HAProxy Haproxy Enterprise=2.8r1-1.0.0-310.364
HAProxy Haproxy Enterprise=2.8r1-1.0.0-310.373
HAProxy Haproxy Enterprise=2.8r1-1.0.0-310.374
HAProxy Haproxy Enterprise=2.8r1-1.0.0-310.418
HAProxy Haproxy Enterprise=2.8r1-1.0.0-310.422
HAProxy Haproxy Enterprise=2.8r1-1.0.0-310.424
HAProxy Haproxy Enterprise=2.8r1-1.0.0-311.449
HAProxy Haproxy Enterprise=2.8r1-1.0.0-311.452
HAProxy Haproxy Enterprise=2.8r1-1.0.0-311.453
HAProxy Haproxy Enterprise=2.8r1-1.0.0-312.592
HAProxy Haproxy Enterprise=2.8r1-1.0.0-312.613
HAProxy Haproxy Enterprise=2.8r1-1.0.0-317.613
HAProxy Haproxy Enterprise=2.8r1-1.0.0-318.674
HAProxy Haproxy Enterprise=2.8r1-1.0.0-319.699
HAProxy Haproxy Enterprise=2.8r1-1.0.0-319.723
HAProxy Haproxy Enterprise=2.8r1-1.0.0-320.750
HAProxy Haproxy Enterprise=2.8r1-1.0.0-320.761
HAProxy Haproxy Enterprise=2.8r1-1.0.0-320.770
HAProxy Haproxy Enterprise=2.8r1-1.0.0-320.780
HAProxy Haproxy Enterprise=2.8r1-1.0.0-320.781
HAProxy Haproxy Enterprise=2.8r1-1.0.0-320.783
HAProxy Haproxy Enterprise=2.8r1-1.0.0-320.831
HAProxy Haproxy Enterprise=2.8r1-1.0.0-320.851
HAProxy Haproxy Enterprise=2.8r1-1.0.0-320.853
HAProxy Haproxy Enterprise=2.8r1-1.0.0-320.895
HAProxy Haproxy Enterprise=2.8r1-1.0.0-321.895
HAProxy Haproxy Enterprise=2.8r1-1.0.0-321.901
HAProxy Haproxy Enterprise=2.8r1-1.0.0-321.919
HAProxy Haproxy Enterprise=2.8r1-1.0.0-321.931
HAProxy Haproxy Enterprise=2.8r1-1.0.0-321.934
HAProxy Haproxy Enterprise=2.8r1-1.0.0-321.937
HAProxy Haproxy Enterprise=2.8r1-1.0.0-322.942
HAProxy Haproxy Enterprise=2.8r1-1.0.0-324.1030
HAProxy Haproxy Enterprise=2.8r1-1.0.0-324.1071
HAProxy Haproxy Enterprise=2.8r1-1.0.0-324.1072
HAProxy Haproxy Enterprise=2.8r1-1.0.0-324.947
HAProxy Haproxy Enterprise=2.8r1-1.0.0-326.1073
HAProxy Haproxy Enterprise=3.0r1-1.0.0-337.363
HAProxy Haproxy Enterprise=3.0r1-1.0.0-337.390
HAProxy Haproxy Enterprise=3.0r1-1.0.0-337.394
HAProxy Haproxy Enterprise=3.0r1-1.0.0-339.395
HAProxy Haproxy Enterprise=3.0r1-1.0.0-339.405
HAProxy Haproxy Enterprise=3.0r1-1.0.0-339.415
HAProxy Haproxy Enterprise=3.0r1-1.0.0-339.455
HAProxy Haproxy Enterprise=3.0r1-1.0.0-339.466
HAProxy Haproxy Enterprise=3.0r1-1.0.0-339.471
HAProxy Haproxy Enterprise=3.0r1-1.0.0-341.475
HAProxy Haproxy Enterprise=3.0r1-1.0.0-342.482
HAProxy Haproxy Enterprise=3.0r1-1.0.0-344.495
HAProxy Haproxy Enterprise=3.0r1-1.0.0-344.503
HAProxy Haproxy Enterprise=3.0r1-1.0.0-344.561
HAProxy Haproxy Enterprise=3.0r1-1.0.0-344.564
HAProxy Haproxy Enterprise=3.0r1-1.0.0-344.591
HAProxy Haproxy Enterprise=3.0r1-1.0.0-344.608
HAProxy Haproxy Enterprise=3.0r1-1.0.0-344.641
HAProxy Haproxy Enterprise=3.0r1-1.0.0-344.655
HAProxy Haproxy Enterprise=3.0r1-1.0.0-344.672
HAProxy Haproxy Enterprise=3.0r1-1.0.0-345.673
HAProxy Haproxy Enterprise=3.0r1-1.0.0-346.792
HAProxy Haproxy Enterprise=3.1r1-1.0.0-345.233
HAProxy Haproxy Enterprise=3.1r1-1.0.0-346.274
HAProxy Haproxy Enterprise=3.1r1-1.0.0-346.287
HAProxy Haproxy Enterprise=3.1r1-1.0.0-347.299
HAProxy Haproxy Enterprise=3.1r1-1.0.0-347.338
HAProxy Haproxy Enterprise=3.1r1-1.0.0-347.362
HAProxy Haproxy Enterprise=3.1r1-1.0.0-347.405
HAProxy Haproxy Enterprise=3.1r1-1.0.0-347.419
HAProxy Haproxy Enterprise=3.1r1-1.0.0-347.431
HAProxy Haproxy Enterprise=3.1r1-1.0.0-347.449
HAProxy Haproxy Enterprise=3.1r1-1.0.0-348.519
HAProxy Kubernetes Ingress Controller <1.9.14-ee7
HAProxy Kubernetes Ingress Controller <3.1.12
HAProxy Kubernetes Ingress Controller >=1.10.10-ee1 <1.11.12-ee10
HAProxy Kubernetes Ingress Controller >=3.0.0-ee1 <3.0.15-ee4

Event History

Nov 6, 2025
Data Sourced via Red Hat, 03:17 AM: Description, Severity, Affected Software

Nov 19, 2025
CVE Published via MITRE, 09:28 AM
Data Sourced via MITRE, 09:28 AM: Description, Severity, Weakness
Data Sourced via NVD, 10:15 AM: Description, Severity, Weakness, Affected Software

Nov 21, 2025
Data Sourced via Microsoft, 01:03 AM: Description, Severity, Weakness, Affected Software
Updated via Microsoft, 01:03 AM: Affected Software
Updated via Microsoft, 01:03 AM: Description, Severity

Frequently Asked Questions

1. What is the severity of CVE-2025-11230?

CVE-2025-11230 has been classified with a moderate severity due to its potential for denial of service.

2. How do I fix CVE-2025-11230?

To mitigate CVE-2025-11230, update HAProxy to the latest version that includes the security patch addressing this vulnerability.

3. What versions of HAProxy are affected by CVE-2025-11230?

CVE-2025-11230 affects specific versions of HAProxy that utilize the mjson parsing library for JSON content analysis; the affected version ranges are listed under Affected Software.

4. What is the impact of CVE-2025-11230?

CVE-2025-11230 can lead to inefficient resource consumption, potentially resulting in denial of service conditions.

5. How can I prevent CVE-2025-11230 from being exploited?

Exploitation of CVE-2025-11230 can be prevented by avoiding the use of the json_query or jwt_payload_query functions in HAProxy until patched.
