CVE-2025-43915: Linkerd resource exhaustion vulnerability

May 5, 2025 (updated May 6, 2025)

In Buoyant Edge releases before edge-25.2.1 and Enterprise for Linkerd releases 2.16.* before 2.16.5, 2.17.* before 2.17.2, and 2.18.* before 2.18.0, resource exhaustion can occur for Linkerd proxy metrics.

References

docs.buoyant.io/security/advisories/2025-01
github.com/advisories/GHSA-42mr-jpwh-m9rv
github.com/linkerd/linkerd2
nvd.nist.gov/vuln/detail/CVE-2025-43915
www.buoyant.io/resources

Code Behaviors & Features

Detect and mitigate CVE-2025-43915 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →