CVE-2025-66220
03.12.2025, 19:15
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoys mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches.Enginsight
| Vendor | Product | Version |
|---|---|---|
| envoyproxy | envoy | 𝑥 < 1.33.13 |
| envoyproxy | envoy | 1.34.0 ≤ 𝑥 < 1.34.11 |
| envoyproxy | envoy | 1.35.0 ≤ 𝑥 < 1.35.7 |
| envoyproxy | envoy | 1.36.0 ≤ 𝑥 < 1.36.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration