{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T05:24:51.465","vulnerabilities":[{"cve":{"id":"CVE-2025-11374","sourceIdentifier":"security@hashicorp.com","published":"2025-10-28T21:15:37.300","lastModified":"2025-12-22T16:05:52.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"1.18.12","matchCriteriaId":"DE3AEC9A-D84F-4B7C-9B03-D3B8CE2CD319"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*","versionEndExcluding":"1.22.0","matchCriteriaId":"BD19A817-7366-4C2E-ADF9-35DC889EFE58"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.19.0","versionEndExcluding":"1.20.8","matchCriteriaId":"596686CD-4DE0-4C9A-83CC-F07B0D2014DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.21.0","versionEndExcluding":"1.21.6","matchCriteriaId":"8B688D66-7E0A-4969-9187-D5374EDF68B9"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724","source":"security@hashicorp.com","tags":["Vendor Advisory"]}]}}]}