{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T17:52:31.613","vulnerabilities":[{"cve":{"id":"CVE-2025-46821","sourceIdentifier":"security-advisories@github.com","published":"2025-05-07T22:15:21.170","lastModified":"2025-09-03T17:57:13.200","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing the `*` character will not match a URI template expressions. This can result in bypass of RBAC rules when configured using the `uri_template` permissions. This vulnerability is fixed in Envoy versions v1.34.1, v1.33.3, v1.32.6, v1.31.8. As a workaround, configure additional RBAC permissions using `url_path` with `safe_regex` expression."},{"lang":"es","value":"Envoy es un proxy de borde, intermedio y de servicio nativo de la nube. En versiones anteriores a las 1.34.1, 1.33.3, 1.32.6 y 1.31.8, el comparador de plantillas de URI de Envoy excluía incorrectamente el carácter `*` de un conjunto de caracteres válidos en la ruta de URI. Como resultado, una ruta de URI que contenga el carácter `*` no coincidirá con las expresiones de plantilla de URI. Esto puede provocar la omisión de las reglas RBAC al configurarse con los permisos `uri_template`. Esta vulnerabilidad se ha corregido en las versiones 1.34.1, 1.33.3, 1.32.6 y 1.31.8 de Envoy. Como workaround, configure permisos RBAC adicionales mediante `url_path` con la expresión `safe_regex`."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-186"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","versionEndExcluding":"1.31.8","matchCriteriaId":"2833DD79-9D75-4D76-BCC6-B37B8AA60ED9"},{"vulnerable":true,"criteria":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.32.0","versionEndExcluding":"1.32.6","matchCriteriaId":"440D75D9-71F9-4ED8-88F9-7EB79517A12D"},{"vulnerable":true,"criteria":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.33.0","versionEndExcluding":"1.33.3","matchCriteriaId":"A3D6249F-FC0F-4177-8CD6-09B4A0B1A5B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:envoyproxy:envoy:1.34.0:*:*:*:*:*:*:*","matchCriteriaId":"EE9081A0-23D5-448B-AA4D-46478DE6E65B"}]}]}],"references":[{"url":"https://github.com/envoyproxy/envoy/security/advisories/GHSA-c7cm-838g-6g67","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}