Advisory Database
  • Advisories
  • Dependency Scanning
  1. golang
  2. ›
  3. github.com/linkerd/linkerd2
  4. ›
  5. CVE-2025-43915

CVE-2025-43915: Linkerd resource exhaustion vulnerability

May 5, 2025 (updated May 20, 2025)

In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13.7, 2.14.0–2.14.10, 2.15.0–2.15.7, 2.16.0–2.16.4, and 2.17.0–2.17.1, resource exhaustion can occur for Linkerd proxy metrics.

References

  • docs.buoyant.io/security/advisories/2025-01
  • github.com/advisories/GHSA-42mr-jpwh-m9rv
  • github.com/linkerd/linkerd2
  • nvd.nist.gov/vuln/detail/CVE-2025-43915
  • pkg.go.dev/vuln/GO-2025-3664
  • www.buoyant.io/resources

Code Behaviors & Features

Detect and mitigate CVE-2025-43915 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 0.0.0-20250212165942-faa3f617eef5

Fixed versions

  • 0.0.0-20250212165942-faa3f617eef5

Solution

Upgrade to version 0.0.0-20250212165942-faa3f617eef5 or above.

Impact 6.5 MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Learn more about CVSS

Weakness

  • CWE-400: Uncontrolled Resource Consumption

Source file

go/github.com/linkerd/linkerd2/CVE-2025-43915.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Sun, 31 Aug 2025 00:20:02 +0000.