CVE-2025-66490 — Interpretation Conflict in Traefik Traefik V2

CWE-436 — Interpretation Conflict6 documents5 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 94.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Traefik Traefik V2 Github.com Traefik Traefik V3 Traefik +1 more

Timeline

PublishedDec 9

Latest updateDec 15

Description

Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters (/, \, Null, ;, ?, #) can bypass the middleware chain and reach unintended backends. For example, a request to http://mydomain.example.com/admin%2F could reach service-a without triggering my-security-middleware, b…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages5 packages

▶NVDtraefik/traefik3.0.0 — 3.6.3+1

▶Gogithub.com/traefik_traefik_v2< 2.11.32

▶Gogithub.com/traefik_traefik_v3< 3.6.3

▶Gogithub.com/traefik_traefik1.7.34

▶CVEListV5traefik/traefikgithub.com/traefik/traefik <= 1.7.34, github.com/traefik/traefik/v2 < 2.11.32, github.com/traefik/traefik/v3 < 3.6.3+2

🔴Vulnerability Details

OSV

Path Normalization Bypass in Traefik Router + Middleware Rules in github.com/traefik/traefik↗2025-12-15

▶

CVEList

Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules↗2025-12-09

▶

OSV

Path Normalization Bypass in Traefik Router + Middleware Rules↗2025-12-08

▶

GHSA

Path Normalization Bypass in Traefik Router + Middleware Rules↗2025-12-08

▶

📋Vendor Advisories

Red Hat

github.com/traefik/traefik: Traefik Path Normalization Bypass in Router + Middleware Rules↗2025-12-09

▶