CVE-2025-64527

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-64527
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-64527.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-64527
Aliases
Published
2025-12-03T18:04:35.160Z
Modified
2025-12-07T04:09:53.479940Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Envoy crashes when JWT authentication is configured with the remote JWKS fetching
Details

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allowmissingorfailed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS fetch fails, onJwksError() callback triggers processing of the second token, which calls fetch() again on the same fetcher object. The original callback's reset() then clears the second fetch's state (receiver and request_) which causes a crash when the async HTTP response arrives.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64527.json",
    "cwe_ids": [
        "CWE-476"
    ]
}
References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
63ee0dc79dce88117c6bd2df5a742f8eb67ea980
Last affected
dc2d3098ae5641555f15c71d5bb5ce0060a8015c
Database specific 
{
    "versions": [
        {
            "introduced": "1.36.0"
        },
        {
            "last_affected": "1.36.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
84305a6cb64bd55aaf606bdd53de7cd6080427a1
Last affected
0d240c4b0f5b5db91ef14b1bf424520144b1a75d
Database specific 
{
    "versions": [
        {
            "introduced": "1.35.0"
        },
        {
            "last_affected": "1.35.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
d7809ba2b07fd869d49bfb122b27f6a7977b4d94
Last affected
40ab4828a48f05103573ddee3c807dfa0e3e23f7
Database specific 
{
    "versions": [
        {
            "introduced": "1.34.0"
        },
        {
            "last_affected": "1.34.10"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d602fb5d4af3ef3740621590e59187233398e0c0
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.33.12"
        }
    ]
}

Affected versions

v1.*

v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.30.0
v1.31.0
v1.32.0
v1.33.0
v1.33.1
v1.33.10
v1.33.11
v1.33.12
v1.33.2
v1.33.3
v1.33.4
v1.33.5
v1.33.6
v1.33.7
v1.33.8
v1.33.9
v1.34.0
v1.34.1
v1.34.10
v1.34.2
v1.34.3
v1.34.4
v1.34.5
v1.34.6
v1.34.7
v1.34.8
v1.34.9
v1.35.0
v1.35.1
v1.35.2
v1.35.3
v1.35.4
v1.35.5
v1.35.6
v1.36.0
v1.36.1
v1.36.2
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0