diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
index 1ef74441..5027fe7b 100644
--- a/bazel/repository_locations.bzl
+++ b/bazel/repository_locations.bzl
@@ -1,7 +1,7 @@
 REPOSITORY_LOCATIONS = dict(
 envoy = dict(
- # envoy 1.27.4 from release v1.27.4-fork2
- commit = "31f980b46a9ee24c545655be82b6849d6b9a16a8",
+ # envoy 1.27.5 from release v1.27.5-fork1
+ commit = "defe1b87c9aaa8c2881b4dcd20813c733932e768",
 remote = "https://github.com/solo-io/envoy-fork",
 ),
 inja = dict(
diff --git a/changelog/v1.27.5-patch1/cve-bump-envoy.yaml b/changelog/v1.27.5-patch1/cve-bump-envoy.yaml
new file mode 100644
index 00000000..f1ace48a
--- /dev/null
+++ b/changelog/v1.27.5-patch1/cve-bump-envoy.yaml
@@ -0,0 +1,10 @@
+changelog:
+- type: DEPENDENCY_BUMP
+ dependencyOwner: solo-io
+ dependencyRepo: envoy-fork
+ dependencyTag: v1.27.5-fork1
+ issueLink: https://github.com/solo-io/solo-projects/issues/6077
+ resolvesIssue: false
+ description: >
+ Bump to upstream envoy v1.27.5
+ Tackles auto_sni CVE-2024-32475