{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-47952", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-05-14T10:32:43.531Z", "datePublished": "2025-05-30T03:37:12.685Z", "dateUpdated": "2025-05-30T12:44:38.661Z"}, "containers": {"cna": {"title": "Traefik allows path traversal using url encoding", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "version": "4.0"}}], "references": [{"name": "https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5"}, {"name": "https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00", "tags": ["x_refsource_MISC"], "url": "https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00"}, {"name": "https://github.com/traefik/traefik/releases/tag/v2.11.25", "tags": ["x_refsource_MISC"], "url": "https://github.com/traefik/traefik/releases/tag/v2.11.25"}, {"name": "https://github.com/traefik/traefik/releases/tag/v3.4.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/traefik/traefik/releases/tag/v3.4.1"}], "affected": [{"vendor": "traefik", "product": "traefik", "versions": [{"version": "< 3.4.1", "status": "affected"}, {"version": "< 2.11.25", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-30T03:37:12.685Z"}, "descriptions": [{"lang": "en", "value": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it\u2019s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1."}], "source": {"advisory": "GHSA-vrch-868g-9jx5", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-30T12:44:30.966786Z", "id": "CVE-2025-47952", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T12:44:38.661Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-47952", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-30T12:44:30.966786Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T12:44:34.732Z"}}], "cna": {"title": "Traefik allows path traversal using url encoding", "source": {"advisory": "GHSA-vrch-868g-9jx5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.9, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "traefik", "product": "traefik", "versions": [{"status": "affected", "version": "< 3.4.1"}, {"status": "affected", "version": "< 2.11.25"}]}], "references": [{"url": "https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5", "name": "https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00", "name": "https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/traefik/traefik/releases/tag/v2.11.25", "name": "https://github.com/traefik/traefik/releases/tag/v2.11.25", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/traefik/traefik/releases/tag/v3.4.1", "name": "https://github.com/traefik/traefik/releases/tag/v3.4.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it\u2019s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-30T03:37:12.685Z"}}}, "cveMetadata": {"cveId": "CVE-2025-47952", "state": "PUBLISHED", "dateUpdated": "2025-05-30T12:44:38.661Z", "dateReserved": "2025-05-14T10:32:43.531Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-05-30T03:37:12.685Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ABAB6F8-FB69-449B-BD6F-68A38749A45E", "versionEndExcluding": "2.11.25", "vulnerable": true}, {"criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", "matchCriteriaId": "47EFF8B8-76F4-4A24-84E4-49DC2266CAB0", "versionEndExcluding": "3.4.1", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it\u2019s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1."}, {"lang": "es", "value": "Traefik (pronunciado \"traffic\") es un proxy inverso HTTP y balanceador de carga. En versiones anteriores a la 2.11.25 y la 3.4.1, exist\u00eda una vulnerabilidad potencial en Traefik al gestionar las solicitudes mediante un comparador PathPrefix, Path o PathRegex. Cuando Traefik se configura para enrutar las solicitudes a un backend mediante un comparador basado en la ruta, si la URL contiene una cadena codificada, es posible atacar un backend expuesto mediante otro enrutador, omitiendo la cadena de middleware. Este problema se ha corregido en las versiones 2.11.25 y la 3.4.1."}], "id": "CVE-2025-47952", "lastModified": "2025-11-25T15:10:59.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-05-30T04:15:46.900", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/traefik/traefik/releases/tag/v2.11.25"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/traefik/traefik/releases/tag/v3.4.1"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"created": "2025-06-24T09:44:18.470065+00:00", "updated": "2025-06-24T09:44:18.470146+00:00", "vendors": ["traefik", "traefik$PRODUCT$traefik"]}