FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

traefik -- Path traversal vulnerability

Affected packages
traefik < 3.4.1

Details

VuXML ID 67dd7a9e-3cd8-11f0-b601-5404a68ad561
Discovery 2025-05-27
Entry 2025-05-29

The traefik project reports:

There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it's possible to target a backend, exposed using another router, by-passing the middlewares chain.

[source]

References

CVE Name CVE-2025-47952
URL https://nvd.nist.gov/vuln/detail/CVE-2025-47952

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.