{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T13:32:38.586","vulnerabilities":[{"cve":{"id":"CVE-2025-66220","sourceIdentifier":"security-advisories@github.com","published":"2025-12-03T19:15:58.010","lastModified":"2025-12-05T15:44:26.663","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\\0) inside an OTHERNAME SAN value as valid matches."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-170"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","versionEndExcluding":"1.33.13","matchCriteriaId":"B303FFFE-9973-4E7E-8A8C-DE847B725534"},{"vulnerable":true,"criteria":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.34.0","versionEndExcluding":"1.34.11","matchCriteriaId":"4419A82D-995F-4DD0-BAE1-3825791245D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.35.0","versionEndExcluding":"1.35.7","matchCriteriaId":"C50E067C-AE0D-4B14-A442-53603039EFCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.36.0","versionEndExcluding":"1.36.3","matchCriteriaId":"B39C3DF2-E73F-4B66-9504-C24E329ACB54"}]}]}],"references":[{"url":"https://github.com/envoyproxy/envoy/security/advisories/GHSA-rwjg-c3h2-f57p","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}