Loading
Generated remediation guidance and an executive summary. No account required.
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is still coming, resulting in a buffer watermark callback nullptr reference. The vulnerability impacts TCP proxy and HTTP 1 & 2 mixed use cases based on ALPN. This vulnerability is fixed in 1.36.1, 1.35.5, 1.34.9, and 1.33.10.
Cite this page
CVE-2025-62409. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2025-62409
Use CWE-476, Envoyproxy vendor hub and Envoy product page to widen CVE-2025-62409 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-26308, CVE-2025-54588 and CVE-2025-64527 for nearby disclosures in the same product family.