CVE-2025-11375: CWE-770: Allocation of Resources Without Limits or Throttling in HashiCorp Consul
Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
AI Analysis
Technical Summary
CVE-2025-11375 is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) and affects the event endpoint of HashiCorp Consul and Consul Enterprise. The root cause is that the endpoint enforces no maximum on the Content-Length HTTP header, so a request can declare and deliver an excessively large body. Because Consul processes such requests without a size restriction, an attacker can exhaust memory or CPU and cause a denial of service (DoS).

Exploitation requires only network access and low privileges (PR:L), with no user interaction, so the flaw is relatively easy to exploit remotely. The CVSS v3.1 score is 6.5 (medium severity), reflecting a high impact on availability and no impact on confidentiality or integrity.

All versions prior to Consul Community Edition 1.22.0, and Enterprise versions prior to 1.22.0, 1.21.6, 1.20.8 and 1.18.12, are affected; the issue is fixed in those releases. No public exploits or active exploitation have been reported so far, but the flaw could be used to disrupt availability in environments that rely on Consul for service discovery and configuration management. Consul is widely used in cloud-native and microservices architectures, so the vulnerability is relevant to organizations running those technologies.
Potential Impact
For European organizations, the primary impact of CVE-2025-11375 is the potential disruption of service availability due to denial of service attacks targeting Consul's event endpoint. Since Consul is commonly used for service discovery, configuration, and orchestration in cloud and DevOps environments, a successful attack could lead to cascading failures in dependent applications and services. This could affect critical infrastructure, financial services, telecommunications, and other sectors heavily reliant on cloud-native technologies. The lack of confidentiality or integrity impact limits data breach risks, but operational downtime could result in financial losses, reputational damage, and compliance issues under regulations like GDPR if service interruptions affect customer-facing systems. The ease of exploitation without user interaction increases the risk of automated attacks, potentially amplifying the threat in large-scale deployments. Organizations with extensive microservices architectures or multi-cloud environments using Consul are particularly vulnerable to availability degradation or outages.
Mitigation Recommendations
To mitigate CVE-2025-11375, European organizations should promptly upgrade to the fixed versions of Consul Community Edition (1.22.0 or later) and Consul Enterprise (the patched release of the relevant line: 1.22.0, 1.21.6, 1.20.8 or 1.18.12, or later). Until patching is complete, implement network-level protections such as rate limiting and request size restrictions on the event endpoint to prevent resource exhaustion. Deploy Web Application Firewalls (WAFs) or API gateways capable of enforcing a maximum Content-Length and detecting anomalous traffic patterns. Monitor Consul logs and metrics for unusual spikes in request sizes or resource usage that may indicate exploitation attempts. Isolate Consul instances within segmented network zones to limit exposure. Additionally, review and harden Consul configurations to minimize unnecessary exposure of the event endpoint to untrusted networks. Incorporate this vulnerability into incident response plans and conduct regular security assessments focusing on resource allocation and throttling controls.
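The missing body cap described in the Technical Summary and the request-size restriction recommended above, as an added Go example that is not Consul's own code: a middleware that rejects an oversized declared Content-Length before reading any body bytes and, because a chunked request declares no length at all, also bounds the body with http.MaxBytesReader. The 8 KiB cap, the stand-in handler and the in-process request (whose path is assumed to mirror Consul's event API) are this example's own assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Assumed cap for bodies accepted by the event endpoint; choose a value that
// fits the largest legitimate event payload in your deployment.
const maxEventBody int64 = 8 << 10 // 8 KiB

// limitBody rejects requests whose declared Content-Length exceeds max before
// a single body byte is read, and caps bodies with no declared length
// (chunked transfer, ContentLength == -1) so the handler can never read more.
func limitBody(max int64, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.ContentLength > max {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		r.Body = http.MaxBytesReader(w, r.Body, max)
		next.ServeHTTP(w, r)
	})
}

// fireEvent is a stand-in for the event handler: it reads the whole body the
// way an event endpoint would. Without limitBody this read is unbounded (the
// CWE-770 pattern); with it, io.ReadAll fails once max bytes are exceeded.
func fireEvent(w http.ResponseWriter, r *http.Request) {
	buf, err := io.ReadAll(r.Body)
	if err != nil {
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
		return
	}
	fmt.Fprintf(w, "accepted %d bytes", len(buf))
}

// sendEvent drives the wrapped handler in-process with a given body and a
// declared Content-Length (-1 = unknown/chunked) and returns the HTTP status.
func sendEvent(body string, declaredLength int64) int {
	req := httptest.NewRequest(http.MethodPut, "/v1/event/fire/deploy", strings.NewReader(body))
	req.ContentLength = declaredLength
	rec := httptest.NewRecorder()
	limitBody(maxEventBody, http.HandlerFunc(fireEvent)).ServeHTTP(rec, req)
	return rec.Code
}
```

The same wrapper can sit in front of any handler that buffers its request body; the declared-length check is cheap, but only the reader cap protects against bodies whose size is not announced up front.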
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: HashiCorp
- Date Reserved: 2025-10-06T15:34:11.889Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690126348f7e67aef0117de7
Added to database: 10/28/2025, 8:23:16 PM
Last enriched: 10/28/2025, 8:36:05 PM
Last updated: 10/30/2025, 1:48:44 PM