Bug 2413003 (CVE-2025-11230) - CVE-2025-11230 haproxy: denial of service vulnerability in HAProxy mjson library
Summary: CVE-2025-11230 haproxy: denial of service vulnerability in HAProxy mjson library
Keywords:
Status: NEW
Alias: CVE-2025-11230
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2413006 2413007 2413005 2413008
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-11-06 03:17 UTC by OSIDB Bzimport
Modified: 2025-12-01 13:11 UTC (History)
21 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:21691 0 None None None 2025-11-18 13:39:35 UTC
Red Hat Product Errata RHSA-2025:21692 0 None None None 2025-11-18 13:40:09 UTC
Red Hat Product Errata RHSA-2025:21693 0 None None None 2025-11-18 13:50:26 UTC
Red Hat Product Errata RHSA-2025:21694 0 None None None 2025-11-18 13:54:19 UTC
Red Hat Product Errata RHSA-2025:22398 0 None None None 2025-12-01 09:33:09 UTC
Red Hat Product Errata RHSA-2025:22399 0 None None None 2025-12-01 09:54:24 UTC
Red Hat Product Errata RHSA-2025:22422 0 None None None 2025-12-01 13:11:37 UTC

Description OSIDB Bzimport 2025-11-06 03:17:02 UTC 
A flaw was found in haproxy. A stemming from an inefficient algorithmic complexity issue within its bundled mjson parsing library. This vulnerability is triggered when haproxy is configured to analyze JSON content, such as with the json_query or jwt_payload_query function
Comment 2 errata-xmlrpc 2025-11-18 13:39:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21691 https://access.redhat.com/errata/RHSA-2025:21691
Comment 3 errata-xmlrpc 2025-11-18 13:40:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:21692 https://access.redhat.com/errata/RHSA-2025:21692
Comment 4 errata-xmlrpc 2025-11-18 13:50:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:21693 https://access.redhat.com/errata/RHSA-2025:21693
Comment 5 errata-xmlrpc 2025-11-18 13:54:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:21694 https://access.redhat.com/errata/RHSA-2025:21694
Comment 6 errata-xmlrpc 2025-12-01 09:33:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:22398 https://access.redhat.com/errata/RHSA-2025:22398
Comment 7 errata-xmlrpc 2025-12-01 09:54:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:22399 https://access.redhat.com/errata/RHSA-2025:22399
Comment 9 errata-xmlrpc 2025-12-01 13:11:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:22422 https://access.redhat.com/errata/RHSA-2025:22422
Note You need to log in before you can comment on or make changes to this bug.