Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity vulnerability (CVSS v3.1 estimated score: 7.5) in Apache Traffic Server’s ESI plugin that enables unauthenticated attackers to exhaust memory and potentially crash proxy nodes. Given ATS’s role in global content delivery[1], even a single node failure can black-hole thousands of sessions. Organizations should urgently upgrade to version 9.2.11 or 10.0.6 and enforce the new inclusion-depth safeguard.

Why reverse‑proxy servers matter
Every web request you make today almost certainly travels through one or more reverse‑proxy caches before it reaches the origin application. These proxies:

• Off‑load origin servers by caching hot objects
• Collapse duplicate requests during traffic spikes
• Terminate TLS and enforce security controls
• And sit “at the edge”, close to end‑users, to shave hundreds of milliseconds off page‑load time.
  Because they concentrate so much traffic, a single reverse‑proxy node going offline can black‑hole thousands of concurrent sessions; at scale, an outage ripples outward like a dropped stone in water, slowing CDNs, SaaS platforms, media portals and on‑line banks alike. Denial‑of‑service (DoS) conditions on these boxes are therefore high‑impact events, not a mere nuisance.
  ...
  CVE-2025-49763 is a newly disclosed flaw in Apache Traffic Server’s Edge-Side Includes plugin that allows an unauthenticated attacker to embed or request endlessly nested <esi:include> tags, forcing the proxy to consume all available memory until it is out-of-memory-killed and service is lost.

This vulnerability can be exploited via two different ways:

A threat actor could exploit an Edge Side Include injection and recursively inject the same page over and over again.

exploitation via esi injection

A threat actor could also host a malicious server next to a target, behind a vulnerable traffic server proxy and take down the proxy by triggering the ESI request avalanche. (see Fig 2).

exploitation via malicious error

This results in a full denial of service on edge proxy nodes, triggered remotely without requiring authentication.