CVE-2025-47952

Name: CVE-2025-47952
Description: Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in how Traefik handles requests matched by a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route requests to a backend using a path-based matcher and the URL path contains a URL-encoded string, it is possible to target a backend exposed through another router, bypassing the middleware chain. This issue has been patched in versions 2.11.25 and 3.4.1.
NVD Severity: low

References

Type URI
MISC https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00
MISC https://github.com/traefik/traefik/releases/tag/v2.11.25
MISC https://github.com/traefik/traefik/releases/tag/v3.4.1
CONFIRM https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5

Match rules

CPE URI   Source package   Min version   Max version
-         traefik          >= 0          < 3.4.1
-         traefik          >= 0          < 2.11.25

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
traefik edge-community 3.4.0-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.4.0-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.3-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.2-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.1.7-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.4.0-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.4.0-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.1.7-r5 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable