On this page
1.25.5-patch1
Solo build of Istio version 1.25.5-patch1 patch release.
This release note describes the changes of Solo builds between Istio versions 1.25.5-patch0 and 1.25.5-patch1, a Solo-specific release.
Security Notice
This build includes a fix of Envoy CVEs:
- CVE-2025-66220: (CVSS score 8.1, High): TLS certificate matcher for
match_typed_subject_alt_namesmay incorrectly treat certificates withOTHERNAMESANs containing an embedded null byte as valid. - CVE-2025-64527: (CVSS score 6.5, Medium): Envoy crashes when JWT authentication is configured with the remote JWKS fetching.
- CVE-2025-64763: (CVSS score 5.3, Medium): Potential request smuggling from early data after the CONNECT upgrade.
General
This release only features changes related to the Envoy CVE.
Solo Flavor Changes
No changes in this section.
FIPS Flavor Changes
No changes in this section.