{"id":"GO-2025-3504","summary":"Envoy Gateway Log Injection Vulnerability in github.com/envoyproxy/gateway","details":"Envoy Gateway Log Injection Vulnerability in github.com/envoyproxy/gateway","aliases":["BIT-envoy-gateway-2025-25294","CVE-2025-25294","GHSA-mf24-chxh-hmvj"],"modified":"2026-03-17T04:51:52.038003Z","published":"2025-03-10T19:01:10Z","related":["CGA-484h-632p-8c4h"],"database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3504"},"references":[{"type":"ADVISORY","url":"https://github.com/envoyproxy/gateway/security/advisories/GHSA-mf24-chxh-hmvj"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25294"},{"type":"FIX","url":"https://github.com/envoyproxy/gateway/commit/041d474a70d5921e5d65e6e14ea60e14dac70b01"},{"type":"FIX","url":"https://github.com/envoyproxy/gateway/commit/358bed50dcb7b32f39a2edb252fb1399c7fc65dc"},{"type":"FIX","url":"https://github.com/envoyproxy/gateway/commit/8f48f5199cf1bbb9a8ac0695c5171bfef6c9198a"},{"type":"WEB","url":"https://github.com/envoyproxy/gateway/releases/tag/v1.2.7"},{"type":"WEB","url":"https://github.com/envoyproxy/gateway/releases/tag/v1.3.1"}],"affected":[{"package":{"name":"github.com/envoyproxy/gateway","ecosystem":"Go","purl":"pkg:golang/github.com/envoyproxy/gateway"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.2.7"},{"introduced":"1.3.0-rc.1"},{"fixed":"1.3.1"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3504.json"}}],"schema_version":"1.7.5"}