CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-54386 – Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-54386
01 Aug 2025 — Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is f... • https://github.com/traefik/plugin-service/pull/71 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-30: Path Traversal: '\dir\..\filename' •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47952 – Traefik allows path traversal using url encoding
https://notcve.org/view.php?id=CVE-2025-47952
30 May 2025 — Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it’s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versio... • https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-32431 – Traefik has a possible vulnerability with the path matchers
https://notcve.org/view.php?id=CVE-2025-32431
21 Apr 2025 — Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a /../ in its path, it’s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versi... • https://github.com/traefik/traefik/pull/11684 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •