CVE-2025-54386

Name
CVE-2025-54386
Description
Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefikā€™s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/traefik/plugin-service/pull/71
MISC https://github.com/traefik/plugin-service/pull/72
MISC https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800
MISC https://github.com/traefik/traefik/pull/11911
MISC https://github.com/traefik/traefik/releases/tag/v2.11.28
CONFIRM https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg

Match rules

CPE URI Source package Min version Max version
traefik <= 2.11.27 < 2.11.28
traefik <= 3.0.0 < 3.4.5
traefik >= 3.5.0-rc1 < 3.5.0-rc2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
traefik edge-community 3.1.7-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.2-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.3-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.4.0-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.4.0-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.1.7-r5 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.4.0-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.22-community 3.4.0-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable