CVE-2025-43915: Linkerd resource exhaustion vulnerability

May 5, 2025 (updated May 20, 2025)

In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13.7, 2.14.0–2.14.10, 2.15.0–2.15.7, 2.16.0–2.16.4, and 2.17.0–2.17.1, resource exhaustion can occur for Linkerd proxy metrics.

References

docs.buoyant.io/security/advisories/2025-01
github.com/advisories/GHSA-42mr-jpwh-m9rv
github.com/linkerd/linkerd2
nvd.nist.gov/vuln/detail/CVE-2025-43915
pkg.go.dev/vuln/GO-2025-3664
www.buoyant.io/resources

Code Behaviors & Features

Detect and mitigate CVE-2025-43915 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →