DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2025-27513

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-27513

CGA ID

CGA-j5m9-hfj2-w34c

Severity

Unknown

Description

OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is received. Even if an application does not explicitly use trace context propagation, receiving these headers can still trigger high CPU usage. This issue impacts any application accessible over the web or backend services that process HTTP requests containing a tracestate header. Application may experience excessive resource consumption, leading to increased latency, degraded performance, or downtime. This vulnerability is fixed in 1.11.2.

References

  • https://images.chainguard.dev/security/CGA-j5m9-hfj2-w34c
  • https://github.com/advisories/GHSA-8785-wc3w-h8q6
  • https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-8785-wc3w-h8q6
  • https://github.com/open-telemetry/opentelemetry-dotnet/commit/1b555c1201413f2f55f2cd3c4ba03ef4b615b6b5

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Chainguard ContainersChainguard LibrariesChainguard VMs

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customer StoriesChainguard Love

About UsPricingContact UsOpen SourceCareersNewsroomLegal

Unchained BlogEventsTrust CenterDocumentation