以下是关键信息: CVE Identifier: CVE-2025-11230 CVSSv3 Score: 7.5 (HIGH) Description: - A flaw was discovered in how the mjson library, used by HAProxy, processes extremely large numbers. This is identified in CVE 2023-30421. - When HAProxy encounters requests containing these large numbers (e.g., 1e100000000000000) in certain JSON parsing contexts (specifically , , sample fetch methods), it can process for approximately one second before aborting. Affected versions: - HAProxy Community Edition: 2.4, 2.6, 2.8, 3.0, 3.1, 3.2 - HAProxy Enterprise: hapee-2.4r1, hapee-2.6r1, hapee-2.8r1, hapee-3.0r1, hapee-3.1r1 - HAProxy ALOHA Appliance: 17.0, 16.5, 15.5, 14.5 - HAProxy Kubernetes Ingress Controller: All versions - HAProxy Enterprise Kubernetes Ingress Controller: All versions Fixed versions: - 2.4.30, 2.6.23, 2.8.16, 3.0.12, 3.1.9, 3.2.6 - hapee-2.4r1-lb-1.0.0-294.1446, hapee-2.6r1-lb-1.0.0-301.1704, hapee-2.8r1-lb-1.0.0-327.1146, hapee-3.0r1-lb-1.0.0-346.795, hapee-3.1r1-lb-1.0.0-349.585 - 17.0.7, 16.5.19, 15.5.28, 14.5.33 - v3.1.12 - v1.9.14-ee7, v1.11.12-ee10, v3.0.15-ee4 Recommendation: Upgrade to the latest version immediately.