Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Envoy Proxy Improper Null Termination Vulnerability - CVE-2025-66220 - Vulnerability Database
Envoy Proxy

Envoy Proxy Improper Null Termination Vulnerability - CVE-2025-66220

High
Reference: CVE-2025-66220
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-66220
Title: Envoy Proxy Improper Null Termination Vulnerability
Overview:

Envoy is a high-performance edge/middle/service proxy. In 1.33.12 1.34.10 1.35.6 1.36.2 and earlier Envoys mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (0) inside an OTHERNAME SAN value as valid matches.