6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-30157

CVE-2025-30157: Envoy crashes when HTTP ext_proc processes local replies

Summary

Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the fail of a websocket handshake will trigger a local reply leading to the crash of Envoy.

PoC

If both websocket and ext_proc are enabled, a failed handshake will trigger a local reply, thus ext_proc will crash.

Mitigation

Disable websocket traffic
Change the websocket response from backend to always return 101 Switch protocol based on RFC.
Apply the patch and the ext_proc filter will not send the local reply that is generated by Envoy to the ext_proc server for processing.
Apply the patch that the router will cancel the upstream requests when sending a local reply.

Impact

Denial of service

Reporter

Vasilios Syrakis Fernando Cainelli

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-30157

CVE-2025-30157:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/envoyproxy/envoy	go
github.com/envoyproxy/envoy	go
github.com/envoyproxy/envoy	go
github.com/envoyproxy/envoy	go

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key issues: 1) The router filter didn't properly reset upstream requests during local replies (CWE-460 cleanup failure), and 2) The ext_proc filter continued processing after local reply generation when its state was invalid. The commit adds 'resetAll()' in router.h and 'processing_complete_' handling in ext_proc.h to address these issues. Both functions were directly modified in the security patch, and their pre-patch versions clearly match the described vulnerability mechanics (lifetime issues during WebSocket failures).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-30157: Envoy crashes when HTTP ext_proc processes local replies

Summary

PoC

Mitigation

Impact

Reporter

CVE-2025-30157:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2025-30157: Envoy crashes when HTTP ext_proc processes local replies

Summary

PoC

Mitigation

Impact

Reporter

6.5

6.5

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI