CVE-2025-8671

Public Exploit
CVE-2025-8671

Description

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.

Category

7.5
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.07%
Affected: SUSE Linux Enterprise Module for Development Tools
Affected: SUSE Linux Enterprise High Performance Computing (HPC)
Affected: Varnish Software Varnish Enterprise
Affected: Varnish Software Varnish Cache
Affected: Varnish Software Varnish Cache
Affected: Fastly H20
Affected: Wind River Linux
Affected: SUSE Linux Enterprise Desktop
Affected: SUSE Linux Enterprise High Performance Computing
Affected: SUSE Linux Enterprise Module for Dev Tools
Affected: SUSE Linux Enterprise Module for Package Hub
Affected: SUSE Linux Enterprise Server
Affected: SUSE Linux Enterprise Server for SAP Applications
Affected: SUSE Linux SUSE Manager Server
Affected: SUSE Linux SUSE Manager Server LTS
Affected: SUSE Linux SUSE Manager Proxy
Affected: SUSE Linux SUSE Manager Retail Branch Server
Affected: SUSE Linux openSUSE Leap
Published at:
Updated at:

References

Link Tags
https://galbarnahum.com/made-you-reset
https://kb.cert.org/vuls/id/767506
https://varnish-cache.org/security/VSV00017.html
https://www.fastlystatus.com/incident/377810
https://github.com/h2o/h2o/commit/4729b661e3c6654198d2cc62997e1af58bef4b80
https://support2.windriver.com/index.php?page=security-notices
https://www.suse.com/support/kb/doc/?id=000021980
https://gitlab.isc.org/isc-projects/bind9/-/issues/5325
https://github.com/h2o/h2o/security/advisories/GHSA-mrjm-qq9m-9mjq
https://deepness-lab.org/publications/madeyoureset/
https://github.com/Kong/kong/discussions/14731
https://github.com/envoyproxy/envoy/issues/40739
https://github.com/varnish/hitch/issues/397
https://www.imperva.com/blog/madeyoureset-turning-http-2-server-against-itself/

Frequently Asked Questions

What is the severity of CVE-2025-8671?
CVE-2025-8671 has been scored as a high severity vulnerability.
How to fix CVE-2025-8671?
To fix CVE-2025-8671, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-8671 being actively exploited in the wild?
It is possible that CVE-2025-8671 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-8671?
CVE-2025-8671 affects SUSE Linux Enterprise Module for Development Tools, SUSE Linux Enterprise High Performance Computing (HPC), Varnish Software Varnish Enterprise, Varnish Software Varnish Cache, Varnish Software Varnish Cache, Fastly H20, Wind River Linux, SUSE Linux Enterprise Desktop, SUSE Linux Enterprise High Performance Computing, SUSE Linux Enterprise Module for Dev Tools, SUSE Linux Enterprise Module for Package Hub, SUSE Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux SUSE Manager Server, SUSE Linux SUSE Manager Server LTS, SUSE Linux SUSE Manager Proxy, SUSE Linux SUSE Manager Retail Branch Server, SUSE Linux openSUSE Leap.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.