Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 04 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 04 Aug 2025 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Traefik
Traefik traefik |
|
Vendors & Products |
Traefik
Traefik traefik |
Mon, 04 Aug 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Fri, 01 Aug 2025 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0. | |
Title | Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution | |
Weaknesses | CWE-22 CWE-30 |
|
References |
|
|
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-08-04T15:28:06.189Z
Reserved: 2025-07-21T16:12:20.734Z
Link: CVE-2025-54386

Updated: 2025-08-04T15:28:02.818Z

Status : Awaiting Analysis
Published: 2025-08-02T00:15:25.500
Modified: 2025-08-04T15:06:15.833
Link: CVE-2025-54386


Updated: 2025-08-04T08:15:51Z