CVE-2025-22870

🗓️ 12 Mar 2025 18:27:59Reported by GoType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 302 Views

Improper handling of IPv6 zone ID in proxy patterns may lead to incorrect host matches.

Reporter	Title	Published	Views	Family All 1530
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak	6 Aug 202513:40	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion	11 Sep 202518:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager	20 Aug 202502:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security QRadar Log Management AQL Plugin includes components with known vulnerabilities	20 Oct 202520:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge	7 Aug 202503:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in golang.org/x/net affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.	23 Jan 202613:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities	20 May 202521:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality	1 Sep 202511:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	21 Jan 202605:14	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Aspera HTTP Gateway	26 Sep 202514:23	–	ibm

[
  {
    "vendor": "Go standard library",
    "product": "net/http",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "net/http",
    "versions": [
      {
        "version": "0",
        "lessThan": "1.23.7",
        "status": "affected",
        "versionType": "semver"
      },
      {
        "version": "1.24.0-0",
        "lessThan": "1.24.1",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "envProxyFunc"
      },
      {
        "name": "ProxyFromEnvironment"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "golang.org/x/net",
    "product": "golang.org/x/net/http/httpproxy",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "golang.org/x/net/http/httpproxy",
    "versions": [
      {
        "version": "0",
        "lessThan": "0.36.0",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "config.useProxy"
      },
      {
        "name": "domainMatch.match"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "golang.org/x/net",
    "product": "golang.org/x/net/proxy",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "golang.org/x/net/proxy",
    "versions": [
      {
        "version": "0",
        "lessThan": "0.36.0",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "PerHost.dialerForRequest"
      },
      {
        "name": "PerHost.AddFromString"
      },
      {
        "name": "Dial"
      },
      {
        "name": "FromEnvironment"
      },
      {
        "name": "FromEnvironmentUsing"
      },
      {
        "name": "PerHost.Dial"
      },
      {
        "name": "PerHost.DialContext"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
groups	www.groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ
go	www.go.dev/cl/654697
pkg	www.pkg.go.dev/vuln/GO-2025-3503
go	www.go.dev/issue/71984
openwall	www.openwall.com/lists/oss-security/2025/03/07/2
security	www.security.netapp.com/advisory/ntap-20250509-0007/

16 Apr 2026 23:16Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.14.4

EPSS0.00032

SSVC

CWE-115