/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2025-27513

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-27513

CGA ID

CGA-j5m9-hfj2-w34c

Severity

Unknown

Description

OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is received. Even if an application does not explicitly use trace context propagation, receiving these headers can still trigger high CPU usage. This issue impacts any application accessible over the web or backend services that process HTTP requests containing a tracestate header. Application may experience excessive resource consumption, leading to increased latency, degraded performance, or downtime. This vulnerability is fixed in 1.11.2.

References

  • https://images.chainguard.dev/security/CGA-j5m9-hfj2-w34c

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs