CVE-2025-11374: CWE-770: Allocation of Resources Without Limits or Throttling in HashiCorp Consul
Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
AI Analysis
Technical Summary
CVE-2025-11374 is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) and affects the key/value (KV) endpoint of HashiCorp Consul's HTTP API. The root cause is incorrect validation of the HTTP Content-Length header: the server does not adequately bound what a client declares, so a crafted request can make it allocate excessive resources, exhausting memory or processing capacity and disrupting the availability of the Consul service. Consul is widely used for service discovery, configuration and orchestration in cloud-native environments, so an outage of its KV store has broad reach. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) describes a remote attack of low complexity that needs low privileges (PR:L) and no user interaction, with no confidentiality or integrity impact but a high impact on availability. All Consul Community Edition releases before 1.22.0 are affected; the fix is in Community Edition 1.22.0 and in Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12, so earlier releases in those Enterprise lines are affected as well. No public exploit has been reported, but a flaw that trades a single crafted request for excessive server-side allocation is a natural target for DoS tooling.
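The pattern the advisory describes, as an added example in Go (Consul's implementation language); this is illustrative code written for this page, not Consul's source or its fix. `readTrusting` sizes a buffer from the client-supplied Content-Length before any body bytes arrive, so a client that declares 8 MiB and sends five bytes still costs the server 8 MiB. `readBounded` rejects an oversized declared length up front and also caps the bytes actually read from the wire, because Content-Length can be absent (chunked transfer) or simply false. The handler name, the `/v1/kv/example` path and the 512 KiB cap are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Illustrative only: none of this is Consul's code. It shows the generic
// CWE-770 pattern the advisory describes (an allocation sized by the
// client-controlled Content-Length) beside a bounded handler.

// maxValueBytes is an assumed per-request cap chosen for the example.
const maxValueBytes = 512 * 1024 // 512 KiB

var errTooLarge = errors.New("request body too large")

// readTrusting sizes its buffer from the declared Content-Length before a
// single byte arrives. Returns (bytes allocated, bytes actually received).
func readTrusting(r *http.Request) (allocated int, received int, err error) {
	if r.ContentLength < 0 {
		return 0, 0, errors.New("length unknown")
	}
	buf := make([]byte, r.ContentLength) // size chosen by the client
	n, rerr := io.ReadFull(r.Body, buf)
	// A short body (client declared more than it sent) is the interesting
	// case here, so the EOF variants are reported as a normal short read.
	if rerr != nil && !errors.Is(rerr, io.EOF) && !errors.Is(rerr, io.ErrUnexpectedEOF) {
		return cap(buf), n, rerr
	}
	return cap(buf), n, nil
}

// readBounded rejects an oversized declared length before allocating and,
// because Content-Length may be absent (chunked) or false, also caps the
// bytes actually consumed from the wire with http.MaxBytesReader.
func readBounded(w http.ResponseWriter, r *http.Request) ([]byte, error) {
	if r.ContentLength > maxValueBytes {
		return nil, errTooLarge
	}
	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxValueBytes))
	var mbe *http.MaxBytesError
	if errors.As(err, &mbe) {
		return nil, errTooLarge
	}
	return body, err
}

// kvPutHandler is an assumed stand-in for a key/value write endpoint.
func kvPutHandler(w http.ResponseWriter, r *http.Request) {
	value, err := readBounded(w, r)
	switch {
	case errors.Is(err, errTooLarge):
		http.Error(w, "value exceeds limit", http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, "bad request", http.StatusBadRequest)
	default:
		fmt.Fprintf(w, "stored %d bytes", len(value))
	}
}

// putStatus drives kvPutHandler with a body and a declared Content-Length
// (-1 emulates chunked / unknown length) and returns the HTTP status code.
func putStatus(body string, declaredLen int64) int {
	req := httptest.NewRequest(http.MethodPut, "/v1/kv/example", strings.NewReader(body))
	req.ContentLength = declaredLen // what a lying client would send
	rec := httptest.NewRecorder()
	kvPutHandler(rec, req)
	return rec.Result().StatusCode
}

func main() {
	// Client declares 8 MiB but sends five bytes: the trusting reader still
	// allocates the full 8 MiB before discovering the body is short.
	req := httptest.NewRequest(http.MethodPut, "/v1/kv/example", strings.NewReader("hello"))
	req.ContentLength = 8 << 20
	alloc, got, _ := readTrusting(req)
	fmt.Printf("trusting: allocated %d bytes for %d received\n", alloc, got)

	fmt.Println("bounded, honest 5-byte PUT:", putStatus("hello", 5))
	fmt.Println("bounded, declared 8 MiB, 5 bytes sent:", putStatus("hello", 8<<20))
	fmt.Println("bounded, chunked 1 MiB body:", putStatus(strings.Repeat("x", 1<<20), -1))
}
```

The trusting reader reports an 8 MiB allocation for 5 bytes received; the bounded handler answers 200 for the honest write and 413 for both the over-declared request and the over-long chunked one. The header check alone would have let the chunked request through, which is why the limit on bytes actually read is the control that matters.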
Potential Impact
For European organizations, the primary impact of CVE-2025-11374 is on service availability. Consul is often a critical component of microservices architectures and cloud infrastructure management, and an outage can cascade to everything that depends on it for service discovery, configuration or coordination, causing operational downtime and business impact. Confidentiality and integrity are not directly affected, but while Consul is unavailable, deployment pipelines, service discovery and configuration management degrade or stop. Organizations with large or complex cloud environments that rely heavily on Consul are at greater risk. Because the attack is remote and of low complexity (AC:L), DoS attempts are easy to automate and could be aimed at high-value infrastructure. The absence of known exploits in the wild reduces immediate risk but does not eliminate it, since the public disclosure gives attackers a starting point.
Mitigation Recommendations
1. Upgrade to Consul Community Edition 1.22.0 or later, or to a patched Enterprise release (1.22.0, 1.21.6, 1.20.8 or 1.18.12), as soon as possible; this is the only complete fix.
2. Segment the network and restrict access to Consul's HTTP API, and in particular the key/value endpoint, to trusted hosts and networks using firewalls or access control lists.
3. Enforce request size limits and rate limiting at the network edge or at an API gateway in front of Consul: reject requests whose Content-Length exceeds the largest value you legitimately store, and cap the bytes actually accepted so that chunked or misdeclared bodies are bounded too.
4. Monitor Consul logs and network traffic for patterns indicative of resource exhaustion attempts, such as repeated large or malformed write requests from the same client.
5. Alert on memory and CPU usage of Consul servers so that a developing DoS condition is detected early.
6. Review and enforce Consul configuration best practices, in particular ACLs, so that only authorized tokens can write to the key/value store; the vulnerability requires privileges (PR:L), so unauthenticated access should not be possible in the first place.
7. Maintain an incident response plan for quickly isolating and mitigating DoS attacks against Consul infrastructure.
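Recommendation 4 in concrete form, as an added example in Go rather than anything shipped with Consul: a small detector run over constructed access-log lines from an assumed reverse proxy in front of the Consul HTTP API. The record layout (client, method, path, status, declared Content-Length, bytes actually received) and the thresholds are this example's own assumptions, not a Consul or proxy log format. It flags KV writes whose declared Content-Length is over the cap or far larger than what the client actually sent, and alerts on clients that do this repeatedly.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample lines from an assumed reverse proxy in front of Consul's
// HTTP API; the field layout is this example's own, not a Consul log format:
// client method path status declared_content_length bytes_received
const sampleLog = `10.0.0.5 PUT /v1/kv/app/config 200 412 412
10.0.0.5 GET /v1/kv/app/config 200 0 0
192.0.2.77 PUT /v1/kv/x 200 2147483647 5
192.0.2.77 PUT /v1/kv/x 200 2147483647 5
192.0.2.77 PUT /v1/kv/x 200 4294967295 0
198.51.100.9 PUT /v1/agent/service/register 200 9000000000 7
10.0.0.6 PUT /v1/kv/app/feature 200 200000 200000
10.0.0.6 PUT /v1/kv/app/feature 200 200000 200000`

// Assumed thresholds for the example.
const (
	capBytes   int64 = 512 * 1024 // largest value a KV write should carry
	slackBytes int64 = 64 * 1024  // tolerated gap between declared and received
	minHits          = 3          // suspicious writes per client before alerting
)

type event struct {
	client, method, path string
	status               int
	declared, received   int64
}

// parseLine splits one space-separated record; malformed lines are skipped.
func parseLine(line string) (event, bool) {
	f := strings.Fields(line)
	if len(f) != 6 {
		return event{}, false
	}
	status, err1 := strconv.Atoi(f[3])
	declared, err2 := strconv.ParseInt(f[4], 10, 64)
	received, err3 := strconv.ParseInt(f[5], 10, 64)
	if err1 != nil || err2 != nil || err3 != nil {
		return event{}, false
	}
	return event{f[0], f[1], f[2], status, declared, received}, true
}

// suspicious marks a KV write whose declared Content-Length is over the cap
// or far larger than what the client actually sent (declaring a huge body
// and then sending almost nothing is the shape of a lying header). Scoped
// to /v1/kv/ because that is the endpoint in the advisory; widen the prefix
// to cover other write endpoints if desired.
func suspicious(e event) bool {
	if !strings.HasPrefix(e.path, "/v1/kv/") || (e.method != "PUT" && e.method != "POST") {
		return false
	}
	return e.declared > capBytes || e.declared-e.received > slackBytes
}

// flagClients returns, per client, the number of suspicious KV writes,
// keeping only clients that reached minHits.
func flagClients(log string) map[string]int {
	counts := map[string]int{}
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		if e, ok := parseLine(sc.Text()); ok && suspicious(e) {
			counts[e.client]++
		}
	}
	for c, n := range counts {
		if n < minHits {
			delete(counts, c)
		}
	}
	return counts
}

func main() {
	for client, n := range flagClients(sampleLog) {
		fmt.Printf("ALERT %s: %d oversized or misdeclared KV writes\n", client, n)
	}
}
```

On the sample, only 192.0.2.77 is reported (three writes declaring gigabytes while sending a handful of bytes); the honest writers and the oversized request to a non-KV path are left alone by the KV-scoped rule. The same two signals, declared length over the cap and declared length far above bytes received, are what an edge device enforcing recommendation 3 would be rejecting, so the detector doubles as a check that the edge limit is actually in place.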
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: HashiCorp
- Date Reserved: 2025-10-06T15:34:09.965Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6901290f69001fc67a5e1760
Added to database: 10/28/2025, 8:35:27 PM
Last enriched: 12/9/2025, 4:07:50 AM
Last updated: 12/10/2025, 6:02:02 AM