CVE-2025-66491

CVE-2025-66491

Name

CVE-2025-66491

Description

Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" (intending to enable backend TLS certificate verification) actually disables verification, allowing man-in-the-middle attacks against HTTPS backends when operators believe they are protected. This issue is fixed in version 3.6.3.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/traefik/traefik/commit/14a1aedf5704673d875d210d7bacf103a43c77e4
MISC	https://github.com/traefik/traefik/releases/tag/v3.6.3
CONFIRM	https://github.com/traefik/traefik/security/advisories/GHSA-7vww-mvcr-x6vj

Type

URI

MISC

https://github.com/traefik/traefik/commit/14a1aedf5704673d875d210d7bacf103a43c77e4

MISC

https://github.com/traefik/traefik/releases/tag/v3.6.3

CONFIRM

https://github.com/traefik/traefik/security/advisories/GHSA-7vww-mvcr-x6vj

CPE URI	Source package	Min version	Max version
	traefik	>= 3.5.0	< 3.6.3

CPE URI

Source package

Min version

Max version

traefik

>= 3.5.0

< 3.6.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
traefik	edge-community	3.6.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r6	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r5	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r4	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r3	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

traefik

edge-community

3.6.2-r1

Francesco Colista <fcolista@alpinelinux.org>

possibly vulnerable

traefik

edge-community