CVE-2025-66490

Name
CVE-2025-66490
Description
Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters (/, \, Null, ;, ?, #) can bypass the middleware chain and reach unintended backends. For example, a request to http://mydomain.example.com/admin%2F could reach service-a without triggering my-security-middleware, bypassing security controls for the /admin/ path. This issue is fixed in versions 2.11.32 and 3.6.3.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/traefik/traefik/releases/tag/v2.11.32
MISC https://github.com/traefik/traefik/releases/tag/v3.6.4
CONFIRM https://github.com/traefik/traefik/security/advisories/GHSA-gm3x-23wp-hc2c

Match rules

CPE URI Source package Min version Max version
traefik >= 0 github.com/traefik/traefik/v3 < 3.6.3
traefik >= 0 github.com/traefik/traefik/v2 < 2.11.32
traefik >= 0 github.com/traefik/traefik <= 1.7.34
cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* traefik >= None < 2.11.32
cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* traefik >= 3.0.0 < 3.6.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
traefik edge-community 3.6.2-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.6.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.5.0-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.5.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.5.0-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.4.0-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.4.0-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.4.0-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.4-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.3-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.2-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.3.2-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.1.7-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 3.1.3-r0 None possibly vulnerable
traefik edge-community 2.9.10-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 2.9.6-r0 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik edge-community 2.2.8-r0 None possibly vulnerable
traefik 3.23-community 3.6.2-r6 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.23-community 3.6.2-r5 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.23-community 3.6.2-r4 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.23-community 3.6.2-r3 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.23-community 3.6.2-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable
traefik 3.23-community 3.6.2-r1 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable