Path Matcher Exploit in Traefik Reverse Proxy Product by Traefik
CVE-2025-47952

2.9LOW

Key Information:

Vendor

Traefik

Status
Traefik
Vendor
CVE Published:
30 May 2025

What is CVE-2025-47952?

A vulnerability exists in Traefik that allows an attacker to manipulate request routing by leveraging PathPrefix, Path, or PathRegex matchers. When configured improperly, this could enable an attacker to route requests to a backend service through encoded paths, bypassing essential middlewares. This potential exploit could lead to unauthorized access or service disruption. The vulnerability has been addressed in Traefik versions 2.11.25 and 3.4.1, which users are advised to upgrade to for enhanced security.

Affected Version(s)

traefik < 3.4.1 < 3.4.1

traefik < 2.11.25 < 2.11.25

References

https://github.com/traefik/traefik/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/traefik/traefik/commit/08d5dfee0164aa5...
x_refsource_MISC
https://github.com/traefik/traefik/releases/tag/v2.11.25
x_refsource_MISC

CVSS V4

Score:
2.9
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-47952 : Path Matcher Exploit in Traefik Reverse Proxy Product by Traefik