CNNVD-202512-359 Information

CNNVD ID

CNNVD-202512-359

CVE-2025-64763

  • CNNVD Published: 2025-12-03

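Description (translated from Chinese)

Envoy is an open source gateway program from Enphase for connecting smart home devices. Envoy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2 and earlier contain a security vulnerability, which stems from a state desynchronization issue when handling CONNECT requests in TCP proxy mode.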

Description (English)

Envoy is an open source gateway from Enphase for connecting smart home devices. Envoy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2 and earlier contain a security vulnerability that stems from state desynchronization when processing CONNECT requests in TCP proxy mode.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

Enphase

Published

2025-12-03

Last Modified

2026-02-24

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-rj35-4m94-77jh

Patch

https://www.envoyproxy.io/
