1 results (0.001 seconds)
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 1
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 1CVE-2025-22870 – HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
https://notcve.org/view.php?id=CVE-2025-22870
12 Mar 2025 — Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable. • https://github.com/JoshuaProvoste/CVE-2025-22870 • CWE-20: Improper Input Validation CWE-115: Misinterpretation of Input •