CVE-2025-11374

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-11374

Severity

6.5

Medium

CVSS V3

Description

Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.

References

https://images.chainguard.dev/security/CGA-v69v-wcpm-v8gh
https://github.com/advisories/GHSA-7g3r-8c6v-hfmr
https://images.chainguard.dev/security/CGA-967c-8q8x-gv6g
https://images.chainguard.dev/security/CGA-f9r9-5859-cjrr
https://images.chainguard.dev/security/CGA-mw75-65jc-4wm6
https://images.chainguard.dev/security/CGA-2x6q-3p65-rq4v
https://images.chainguard.dev/security/CGA-c97g-pfmx-5mx3
https://images.chainguard.dev/security/CGA-x5qf-cfr9-8jx4
https://images.chainguard.dev/security/CGA-h632-jcmc-h662
https://images.chainguard.dev/security/CGA-3qjm-w55v-5jxc
https://images.chainguard.dev/security/CGA-5jhr-wqqp-6h5w
https://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-11374

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company