CVE-2025-11230

CVE Database · CVE-2025-11230

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

0.47%

Published

Nov 19, 2025

Modified

Dec 19, 2025

Public PoC / Exploit (1)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-407

Affected Products (200)

haproxy · aloha_appliance (up to 14.5.33)vulnerable

haproxy · aloha_appliance (up to 15.5.28)vulnerable

haproxy · aloha_appliance (up to 16.5.19)vulnerable

haproxy · aloha_appliance (up to 17.0.7)vulnerable

haproxy · haproxy (up to 2.4.30)vulnerable

haproxy · haproxy (up to 2.6.23)vulnerable

haproxy · haproxy (up to 2.8.16)vulnerable

haproxy · haproxy (up to 3.0.12)vulnerable

· haproxy

References (1)

Vendor Advisory