2 matches found
CVE-2025-54386 Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution
Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../...
CVE-2025-54386
Traefik vulnerability CVE-2025-54386: a path traversal flaw in WASM Traefik’s plugin installation enables overwriting arbitrary files outside the plugin directory via crafted ZIP archives containing "../" sequences. Affected versions: 2.11.27 and earlier; 3.0.0–3.4.4; 3.5.0-rc1. Impact includes r...