7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-54588

CVE-2025-54588: Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults

Summary

A use-after-free (UAF) vulnerability in Envoy's DNS cache causes abnormal process termination. Envoy may reallocate memory when processing a pending DNS resolution, causing list iterator to reference freed memory.

Details

The vulnerability exists in Envoy's Dynamic Forward Proxy implementation starting from version v1.34.0. The issue occurs when a completion callback for a DNS resolution triggers new DNS resolutions or removes existing pending resolutions. This condition may occur in the following configuration:

Dynamic Forwarding Filter is enabled.
envoy.reloadable_features.dfp_cluster_resolves_hosts runtime flag is enabled.
The Host header is modified between the Dynamic Forwarding Filter and Router filters.

Impact

Denial of service due to abnormal process termination.

Attack vector(s)

Request to Envoy configured as indicated above.

Patches

Users should upgrade to v1.35.1 or v1.34.5.

Workaround

Set the envoy.reloadable_features.dfp_cluster_resolves_hosts runtime flag to false.

Detection

Abnormal process termination with the Envoy::Event::DispatcherImpl::runPostCallbacks() frame in the call stack.

Credits

Rohit Agrawal (agrawroh) (rohit.agrawal@databricks.com)

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-54588

CVE-2025-54588:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/envoyproxy/envoy	go	= 1.35.0	1.35.1
github.com/envoyproxy/envoy	go	>= 1.34.0, < 1.34.5	1.34.5

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

I was unable to find the exact commit that fixes the vulnerability. The CVE and advisory details appear to be fabricated, with a future publication date, which prevented me from finding a real-world patch. However, based on the detailed description of the vulnerability, I can still identify the likely vulnerable functions.

The advisory states that the use-after-free occurs in the DNS cache of the Dynamic Forward Proxy, and the crash happens within Envoy::Event::DispatcherImpl::runPostCallbacks(). This indicates that a DNS resolution callback, executed within runPostCallbacks, is triggering new DNS resolutions, leading to a re-entrancy issue that corrupts the DNS cache iterators.

Based on this, I have identified the following functions as vulnerable:

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-54588: Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults

Summary

Details

Impact

Attack vector(s)

Patches

Workaround

Detection

Credits

CVE-2025-54588:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2025-54588: Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults

Summary

Details

Impact

Attack vector(s)

Patches

Workaround

Detection

Credits

7.5

7.5

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI