{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11374", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2025-10-06T15:34:09.965Z", "datePublished": "2025-10-28T20:19:05.292Z", "dateUpdated": "2026-04-17T18:34:14.829Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Consul", "repo": "https://github.com/hashicorp/consul", "vendor": "HashiCorp", "versions": [{"lessThan": "1.22.0", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Consul Enterprise", "repo": "https://github.com/hashicorp/consul", "vendor": "HashiCorp", "versions": [{"changes": [{"at": "1.21.6", "status": "unaffected"}, {"at": "1.20.8", "status": "unaffected"}, {"at": "1.18.12", "status": "unaffected"}], "lessThan": "1.22.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "value": "This issue was identified by Julien Ahrens from RCE Security ([https://www.rcesecurity.com/|https://www.rcesecurity.com/|smart-link] )."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.</p><br/>"}], "value": "Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12."}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469: HTTP DoS"}]}], "metrics": [{"cvssV3_1": {"baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2026-04-17T18:34:14.829Z"}, "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724"}], "source": {"advisory": "HCSEC-2025-29", "discovery": "EXTERNAL"}, "title": "Consul's KV endpoint is vulnerable to denial of service"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-28T20:35:54.518844Z", "id": "CVE-2025-11374", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-28T20:36:06.085Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11374", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-28T20:35:54.518844Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-28T20:36:00.377Z"}}], "cna": {"title": "Consul's KV endpoint is vulnerable to denial of service", "source": {"advisory": "HCSEC-2025-29", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "This issue was identified by Julien Ahrens from RCE Security ([https://www.rcesecurity.com/|https://www.rcesecurity.com/|smart-link] )."}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469: HTTP DoS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/hashicorp/consul", "vendor": "HashiCorp", "product": "Consul", "versions": [{"status": "affected", "version": "0", "lessThan": "1.22.0", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}, {"repo": "https://github.com/hashicorp/consul", "vendor": "HashiCorp", "product": "Consul Enterprise", "versions": [{"status": "affected", "changes": [{"at": "1.21.6", "status": "unaffected"}, {"at": "1.20.8", "status": "unaffected"}, {"at": "1.18.12", "status": "unaffected"}], "version": "0", "lessThan": "1.22.0", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724"}], "descriptions": [{"lang": "en", "value": "Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.", "supportingMedia": [{"type": "text/html", "value": "<p>Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.</p><br/>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2026-04-17T18:34:14.829Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11374", "state": "PUBLISHED", "dateUpdated": "2026-04-17T18:34:14.829Z", "dateReserved": "2025-10-06T15:34:09.965Z", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "datePublished": "2025-10-28T20:19:05.292Z", "assignerShortName": "HashiCorp"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DE3AEC9A-D84F-4B7C-9B03-D3B8CE2CD319", "versionEndExcluding": "1.18.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*", "matchCriteriaId": "BD19A817-7366-4C2E-ADF9-35DC889EFE58", "versionEndExcluding": "1.22.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "596686CD-4DE0-4C9A-83CC-F07B0D2014DB", "versionEndExcluding": "1.20.8", "versionStartIncluding": "1.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8B688D66-7E0A-4969-9187-D5374EDF68B9", "versionEndExcluding": "1.21.6", "versionStartIncluding": "1.21.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12."}], "id": "CVE-2025-11374", "lastModified": "2025-12-22T16:05:52.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2025-10-28T21:15:37.300", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security@hashicorp.com", "type": "Secondary"}]}

{"bugzilla": {"description": "github.com/hashicorp/consul: Consul's KV endpoint is vulnerable to denial of service", "id": "2406934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406934"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-11374", "package_state": [{"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}], "public_date": "2025-10-28T20:19:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-11374\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-11374\nhttps://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T15:52:05.596339+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest fixed release: Consul Community Edition 1.22.0 or Consul Enterprise 1.22.0, 1.21.6, 1.20.8, or 1.18.12.", "Restrict access to the KV endpoint to trusted internal networks or a secure service mesh to reduce exposure to untrusted traffic.", "Monitor KV API traffic for abnormal request patterns and apply rate\u2011limiting or blocking policies against repeated malformed requests."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "HashiCorp Consul Community Edition versions up to 1.21.9 and Consul Enterprise versions up to 1.21.5, 1.20.7 and 1.18.11 are affected. The fix is included in Community Edition 1.22.0 and Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.", "description_and_impact": "The vulnerability is a flaw in Consul\u2019s key/value store HTTP handling. An attacker can exploit the incorrect validation of the Content\u2011Length header when sending requests to the KV endpoint, causing the Consul daemon to consume excessive memory and become unresponsive. This results in an availability loss for services that rely on Consul\u2019s data plane and is classified as CWE\u2011770, Large or Uncontrolled Resource Consumption.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, but the EPSS score of less than 1% shows that exploitation attempts are currently rare, and the vulnerability is not listed in CISA\u2019s KEV catalog. It is inferred that the attack vector is network\u2011based: an attacker must reach the KV API over HTTP or HTTPS and craft a request with a mismatched Content\u2011Length header. The exploit is straightforward for anyone with network access to the service, so systems without proper segmentation may be at higher risk."}}}}, "created": "2025-10-29T10:57:39.019794+00:00", "updated": "2026-04-20T16:00:10.654272+00:00", "vendors": ["hashicorp", "hashicorp$PRODUCT$consul"]}