{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54386", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-21T16:12:20.734Z", "datePublished": "2025-08-01T23:32:21.747Z", "dateUpdated": "2025-08-04T15:28:06.189Z"}, "containers": {"cna": {"title": "Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-30", "lang": "en", "description": "CWE-30: Path Traversal: 'dir..filename'", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "version": "4.0"}}], "references": [{"name": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"}, {"name": "https://github.com/traefik/plugin-service/pull/71", "tags": ["x_refsource_MISC"], "url": "https://github.com/traefik/plugin-service/pull/71"}, {"name": "https://github.com/traefik/plugin-service/pull/72", "tags": ["x_refsource_MISC"], "url": "https://github.com/traefik/plugin-service/pull/72"}, {"name": "https://github.com/traefik/traefik/pull/11911", "tags": ["x_refsource_MISC"], "url": "https://github.com/traefik/traefik/pull/11911"}, {"name": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800", "tags": ["x_refsource_MISC"], "url": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800"}, {"name": "https://github.com/traefik/traefik/releases/tag/v2.11.28", "tags": ["x_refsource_MISC"], "url": "https://github.com/traefik/traefik/releases/tag/v2.11.28"}], "affected": [{"vendor": "traefik", "product": "traefik", "versions": [{"version": "<= 2.11.27, < 2.11.28", "status": "affected"}, {"version": "<= 3.0.0, < 3.4.5", "status": "affected"}, {"version": ">= 3.5.0-rc1, < 3.5.0-rc2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-01T23:32:21.747Z"}, "descriptions": [{"lang": "en", "value": "Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\u2019s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0."}], "source": {"advisory": "GHSA-q6gg-9f92-r9wg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-04T15:27:58.318834Z", "id": "CVE-2025-54386", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-04T15:28:06.189Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54386", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-04T15:27:58.318834Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-04T15:28:02.818Z"}}], "cna": {"title": "Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution", "source": {"advisory": "GHSA-q6gg-9f92-r9wg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "traefik", "product": "traefik", "versions": [{"status": "affected", "version": "<= 2.11.27, < 2.11.28"}, {"status": "affected", "version": "<= 3.0.0, < 3.4.5"}, {"status": "affected", "version": ">= 3.5.0-rc1, < 3.5.0-rc2"}]}], "references": [{"url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg", "name": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/traefik/plugin-service/pull/71", "name": "https://github.com/traefik/plugin-service/pull/71", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/traefik/plugin-service/pull/72", "name": "https://github.com/traefik/plugin-service/pull/72", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/traefik/traefik/pull/11911", "name": "https://github.com/traefik/traefik/pull/11911", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800", "name": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/traefik/traefik/releases/tag/v2.11.28", "name": "https://github.com/traefik/traefik/releases/tag/v2.11.28", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\u2019s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-30", "description": "CWE-30: Path Traversal: 'dir..filename'"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-01T23:32:21.747Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54386", "state": "PUBLISHED", "dateUpdated": "2025-08-04T15:28:06.189Z", "dateReserved": "2025-07-21T16:12:20.734Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-08-01T23:32:21.747Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\u2019s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0."}, {"lang": "es", "value": "Traefik es un proxy inverso HTTP y balanceador de carga. En las versiones 2.11.27 y anteriores, 3.0.0 a 3.4.4 y 3.5.0-rc1, se descubri\u00f3 una vulnerabilidad de Path traversal en el mecanismo de instalaci\u00f3n del complemento de WASM Traefik. Al proporcionar un archivo ZIP manipulado con fines malintencionados que contiene rutas de archivos con secuencias ../, un atacante puede sobrescribir archivos arbitrarios en el sistema fuera del directorio del complemento. Esto puede provocar ejecuci\u00f3n remota de c\u00f3digo (RCE), escalada de privilegios, persistencia o denegaci\u00f3n de servicio. Esto se ha corregido en las versiones 2.11.28, 3.4.5 y 3.5.0."}], "id": "CVE-2025-54386", "lastModified": "2025-08-04T15:06:15.833", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-08-02T00:15:25.500", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/traefik/plugin-service/pull/71"}, {"source": "security-advisories@github.com", "url": "https://github.com/traefik/plugin-service/pull/72"}, {"source": "security-advisories@github.com", "url": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800"}, {"source": "security-advisories@github.com", "url": "https://github.com/traefik/traefik/pull/11911"}, {"source": "security-advisories@github.com", "url": "https://github.com/traefik/traefik/releases/tag/v2.11.28"}, {"source": "security-advisories@github.com", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-30"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "traefik: Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution", "id": "2386070", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386070"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "(CWE-22|CWE-30)", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-54386", "package_state": [{"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Fix deferred", "package_name": "devspaces/traefik-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}], "public_date": "2025-08-01T23:32:21Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-54386\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-54386\nhttps://github.com/traefik/plugin-service/pull/71\nhttps://github.com/traefik/plugin-service/pull/72\nhttps://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800\nhttps://github.com/traefik/traefik/pull/11911\nhttps://github.com/traefik/traefik/releases/tag/v2.11.28\nhttps://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"], "threat_severity": "Moderate"}

{"created": "2025-08-04T08:15:51.150600+00:00", "updated": "2025-08-04T08:15:51.150674+00:00", "vendors": ["traefik", "traefik$PRODUCT$traefik"]}