SB2025120814 - Multiple vulnerabilities in Traefik

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2025-66490)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input processed with using a PathPrefix, Path or PathRegex matcher. A remote attacker can send a specially crafted request with the request path that contains an encoded restricted character from the following set (e.g., '/', '', 'Null', ';', '?', '#') and trick the application into using another router therefore bypassing the middlewares chain.

2) Improper certificate validation (CVE-ID: CVE-2025-66491)

The vulnerability allows a remote attacker to perform MitM attack.

the vulnerability exists due to an error in the Traefik NGINX provider managing the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. A remote attacker can perform MitM attack. 

Remediation

Install update from vendor's website.

References

• https://github.com/traefik/traefik/security/advisories/GHSA-gm3x-23wp-hc2c
• https://github.com/traefik/traefik/security/advisories/GHSA-7vww-mvcr-x6vj