Remote attackers can trigger an avalanche of internal ESI requests, exhausting memory and causing denial-of-service in Apache Traffic Server. Executive Summary Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity vulnerability (CVSS v3.1 estimated score: 7.5) in Apache Traffic Server’s ESI plugin that enables unauthenticated attackers to exhaust memory and potentially crash proxy nodes. Given ATS’s…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/06/cve-2025-49763-remote-dos-via-memory-exhaustion-in-apache-traffic-server-via-esi-plugin/
