CVE-2025-54386 Information

Aug 03, 2025 cve

Description

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below 3.0.0 through 3.4.4 and 3.5.0-rc1 a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE) privilege escalation persistence or denial of service. This is fixed in versions 2.11.28 3.4.5 and 3.5.0.

Reference

https://github.com/traefik/plugin-service/pull/71 https://github.com/traefik/plugin-service/pull/72 https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800 https://github.com/traefik/traefik/pull/11911 https://github.com/traefik/traefik/releases/tag/v2.11.28 https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg

CNNVD-202508-116 (Published: 2025-08-02)

Share on:

CVE-2025-54386 Information

Description

Reference

Related CNNVD