CVE-2025-47952

Name
CVE-2025-47952
Description
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it’s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00
MISC https://github.com/traefik/traefik/releases/tag/v2.11.25
MISC https://github.com/traefik/traefik/releases/tag/v3.4.1
CONFIRM https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5

Match rules

CPE URI Source package Min version Max version
traefik >= 0 < 3.4.1
traefik >= 0 < 2.11.25
cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* traefik >= None < 2.11.25
cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* traefik >= 3.0.0 < 3.4.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
traefik edge-community 3.4.0-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.4.0-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.3-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.2-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.1.7-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.1.3-r0 None possibly vulnerable
traefik edge-community 2.9.10-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 2.9.6-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 2.2.8-r0 None possibly vulnerable
traefik 3.22-community 3.4.0-r4 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.4.0-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.4.0-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.1.7-r5 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.1.3-r0 None possibly vulnerable
traefik 3.22-community 2.9.10-r0 None possibly vulnerable
traefik 3.22-community 2.9.6-r0 None possibly vulnerable
traefik 3.22-community 2.2.8-r0 None possibly vulnerable