CVE Tools
Sign in

CVE-2025-8671

CVE-2025-8671

Published: Aug 13, 2025Updated: Nov 4, 2025 Sources: CVE List NVD BDUCWE-404
NVD MITRE
7.5CVSSHIGH
EPSS Score
6.9%
Top 6.8%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:NI:NA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-404

Affected Products

Enterprise Module for Development ToolsSUSE Linux
On-prem
Operating Systems / linux-distro
Enterprise High Performance Computing (HPC)SUSE Linux
On-prem
Operating Systems / linux-distro
Varnish EnterpriseVarnish Software
On-prem
Networking Infrastructure / load-balancer-proxy
Varnish CacheVarnish Software
On-prem
Networking Infrastructure / load-balancer-proxy
H20Fastly
SaaS
Cloud & SaaS
suse linuxcommercialDEOperating Systemsaka opensuse, suse
varnish softwarecommercialNetworking Infrastructureaka varnish-cache, varnishproject, varnish cache by varnish software
fastlycommercialUSCloud & SaaSaka fastly.com
and 13 more affected products View all →

Exploitability

Official Patch Available

References

https://galbarnahum.com/made-you-reset
galbarnahum.com
https://github.com/h2o/h2o/commit/4729b661e3c6654198d2cc62997e1af58bef4b80
github.com
https://github.com/h2o/h2o/security/advisories/GHSA-mrjm-qq9m-9mjq
github.com
and 17 more references View all →

Timeline

Published
Aug 13, 2025
Last Updated
Nov 4, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-8671 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows