Blog Post

Azure Network Security Blog
1 MIN READ

Azure Front Door Protection against CVE-2025-8671 (MadeYouReset)

yuvalpery's avatar
yuvalpery
Icon for Microsoft rankMicrosoft
Sep 05, 2025

A new HTTP/2 vulnerability, CVE-2025-8671 (MadeYouReset), was recently disclosed on August 13, 2025. This attack leverages carefully crafted protocol frames to force servers into repeatedly resetting streams on a single connection, which can lead to high resource consumption and denial of service (DoS) in extreme cases. MadeYouReset and Rapid Reset (CVE-2023-44487) are two similar attack patterns exploiting HTTP/2 steam resets feature leading to resource exhaustion.  

Stronger Defense with Azure Front Door  

If you are using Azure Front Door, you are already protected against MadeYouReset vulnerability. Two years ago in 2023, when addressing the Rapid Reset (CVE-2023-44487) attack, our engineering team implemented a comprehensive mitigation for these streams reset types of attacks. Rather than limiting only client-initiated resets, we introduced stronger safeguards to account for all kinds of stream cancellation regardless of the reason   to protect against different flavors of rapid reset attacks.  

Customer Impact 

These safeguards are already active in Azure Front Door. No customer action is required. Azure services remain secure and resilient against this new class of HTTP/2 protocol attacks. 

Published Sep 05, 2025
Version 1.0
No CommentsBe the first to comment