CVE-2025-46821: Envoy vulnerable to bypass of RBAC uri_template permission

Q: What is the severity of CVE-2025-46821?

CVE-2025-46821 has a severity rating of medium due to the potential impact on URI path matching in Envoy.

Q: How do I fix CVE-2025-46821?

To fix CVE-2025-46821, upgrade Envoy to versions 1.34.1, 1.33.3, 1.32.6, or 1.31.8 or later.

Q: What versions of Envoy are affected by CVE-2025-46821?

CVE-2025-46821 affects Envoy versions prior to 1.34.1, 1.33.3, 1.32.6, and 1.31.8.

Q: What types of applications are vulnerable to CVE-2025-46821?

Applications using Envoy as a proxy before the patched versions are vulnerable to CVE-2025-46821.

Q: What are the implications of CVE-2025-46821 for my deployment?

CVE-2025-46821 can lead to unexpected behavior in routing requests with `*` in the URI path, potentially affecting application functionality.

Published May 7, 2025

Updated

Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing the `*` character will not match a URI template expressions. This can result in bypass of RBAC rules when configured using the `uri_template` permissions. This vulnerability is fixed in Envoy versions v1.34.1, v1.33.3, v1.32.6, v1.31.8. As a workaround, configure additional RBAC permissions using `url_path` with `safe_regex` expression.

Affected Software

5 affected components

Envoy Envoy<1.31.8

Envoyproxy Envoy<1.31.8

Envoyproxy Envoy>=1.32.0<1.32.6

Envoyproxy Envoy>=1.33.0<1.33.3

Envoyproxy Envoy=1.34.0

Event History

May 7, 2025

CVE Published

via MITRE·09:24 PM

Data Sourced

via MITRE·09:24 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·10:15 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-46821?

CVE-2025-46821 has a severity rating of medium due to the potential impact on URI path matching in Envoy.

How do I fix CVE-2025-46821?

To fix CVE-2025-46821, upgrade Envoy to versions 1.34.1, 1.33.3, 1.32.6, or 1.31.8 or later.

What versions of Envoy are affected by CVE-2025-46821?

CVE-2025-46821 affects Envoy versions prior to 1.34.1, 1.33.3, 1.32.6, and 1.31.8.

What types of applications are vulnerable to CVE-2025-46821?

Applications using Envoy as a proxy before the patched versions are vulnerable to CVE-2025-46821.

What are the implications of CVE-2025-46821 for my deployment?

CVE-2025-46821 can lead to unexpected behavior in routing requests with `*` in the URI path, potentially affecting application functionality.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.