CNNVD-202512-360 Information

CNNVD ID

CNNVD-202512-360

Related CVE

CVE-2025-64527

• CNNVD Published: 2025-12-03

Description (Chinese)

Envoy是Enphase开源的一款用于连接智能家居设备的网关程序。 Envoy 1.33.12版本、1.34.10版本、1.35.6版本、1.36.2版本及之前版本存在代码问题漏洞，该漏洞源于JWT认证配置中存在重入错误，可能导致崩溃。

Description (English)

Envoy is an enphase open source gateway to connect smart home devices. Envoy Version 1.33.12, Version 1.34.10, Version 1.35.6, Version 1.36.2 and previous versions have a code gap, which stems from a re-entry error in the JWT authentication configuration and could lead to a breakdown.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Enphase

Published

2025-12-03

Last Modified

2026-02-24

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-mp85-7mrq-r866

Patch

https://www.envoyproxy.io/