Path Traversal Vulnerability in Traefik HTTP Reverse Proxy and Load Balancer
CVE-2025-32431

8.8 HIGH

Key Information:

Vendor: Traefik

Status
Vendor
CVE Published: 21 April 2025

What is CVE-2025-32431?

A vulnerability exists in Traefik, an HTTP reverse proxy and load balancer, caused by improper handling of URLs that contain '/../' in the path. When routing is determined by matchers based on the path, an attacker can use such a URL to target a backend tied to another router and so bypass the middleware chain. Users are urged to upgrade to version 2.11.24, 3.3.6, or 3.4.0-rc2, or to implement a PathRegexp rule that prevents exploitation of this vulnerability.
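A log-triage sketch for the condition described above, added here as an example and not taken from Traefik or the advisory: it flags requests whose raw path selects one router while the dot-segment-resolved path belongs to another. The router table, middleware name, log format and sample lines are constructed assumptions, and the prefix matching is a simplified model rather than Traefik's own matcher.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed router table (assumption): path prefix -> middlewares on that router.
ROUTERS = {"/public": [], "/admin": ["basic-auth"]}

SAMPLE_LOG = [  # constructed lines, not real traffic
    '198.51.100.7 "GET /public/index.html HTTP/1.1" 200',
    '198.51.100.7 "GET /public/../admin/users HTTP/1.1" 200',
    '198.51.100.7 "GET /admin/users HTTP/1.1" 401',
    '198.51.100.7 "GET /public/img/../logo.png HTTP/1.1" 200',
]

def match_router(path):
    """Longest-prefix match, a simplified stand-in for a path-based matcher."""
    hits = [p for p in ROUTERS if path == p or path.startswith(p + "/")]
    return max(hits, key=len) if hits else None

def resolve(path):
    """Resolve dot-segments; percent-decoding first is a conservative choice of this example."""
    return posixpath.normpath(unquote(path))

def triage(target):
    """Return a finding when the router matched on the raw path differs from
    the router that owns the resolved path; otherwise return None."""
    raw = urlsplit(target).path
    if "/../" not in unquote(raw) + "/":
        return None  # no parent-directory segment, nothing to compare
    matched = match_router(raw)
    effective = match_router(resolve(raw))
    if matched == effective:
        return None  # traversal stays inside the same router's prefix
    skipped = [m for m in ROUTERS.get(effective, [])
               if m not in ROUTERS.get(matched, [])]
    return {"path": raw, "matched": matched, "effective": effective,
            "skipped_middlewares": skipped}

def scan(lines):
    """Extract the request target from each quoted request line and triage it."""
    findings = []
    for line in lines:
        target = line.split('"')[1].split(" ")[1]
        finding = triage(target)
        if finding:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding whose `skipped_middlewares` list is non-empty and whose logged status is a success code is the case worth reviewing first.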

Affected Version(s)

traefik < 2.11.24

traefik < 3.3.6

traefik >= 3.4.0-rc1, < 3.4.0-rc2

CVSS V4

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
