CNNVD-202512-347 Information

CNNVD ID

CNNVD-202512-347

CVE-2025-66220

  • CNNVD Published: 2025-12-03

Description (Chinese)

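Envoy is an open-source gateway program from Enphase for connecting smart home devices. Envoy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2 and earlier contain a security vulnerability. The vulnerability stems from the mTLS certificate matcher incorrectly handling certificates with embedded null bytes, which may cause invalid certificates to be accepted.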

Description (English)

Envoy is an open-source gateway from Enphase for connecting smart home devices. Envoy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2 and earlier contain a security vulnerability: the mTLS certificate matcher mishandles certificates with embedded null bytes, which may lead to invalid certificates being accepted.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Enphase

Published

2025-12-03

Last Modified

2026-02-24

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-rwjg-c3h2-f57p

Patch

https://www.envoyproxy.io/
