
43 matches found

Tenable Nessus
added 2026/05/09 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016821)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016821 advisory. Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to...

4.4 CVSS | 7.3 AI score | 0.00032 EPSS
Exploits 2 | References 4
Tenable Nessus
added 2026/05/09 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1070e Security Update: golang (UTSA-2026-017392)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017392 advisory. A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates...

6.1 CVSS | 5.8 AI score | 0.00119 EPSS
Exploits 0 | References 4
IBM Security Bulletins
added 2025/12/05 1:43 p.m. | 4 views

Security Bulletin: IBM Storage Protect Server is susceptible to a vulnerability due to Golang net library

Summary Golang net library is used by the IBM Storage Protect Server Object Agent and OSSM component. Golang net is vulnerable to IPv6 zone ID mishandling leading to proxy bypass. This bulletin identifies the steps to address the vulnerabilities. CVE-2025-22870. Vulnerability Details...

4.4 CVSS | 6.6 AI score | 0.00032 EPSS
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2025/10/31 6:27 p.m. | 4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of Input in golang.org/x/net/proxy [CVE-2025-22870]

Summary IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of Input in golang.org/x/net/proxy, due to matching of hosts against proxy patterns which can improperly treat an IPv6 zone ID as a hostname component CVE-2025-22870. Golang is used in our speech utilities. This...

4.4 CVSS | 6.5 AI score | 0.00032 EPSS
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2025/09/26 2:23 p.m. | 6 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera HTTP Gateway

Summary Multiple vulnerabilities were addressed in IBM Aspera HTTP Gateway version 2.3.2. Vulnerability Details CVEID:CVE-2025-36274 DESCRIPTION: IBM Aspera HTTP Gateway stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user. CWE:CWE-312...

7.5 CVSS | 6.5 AI score | 0.00378 EPSS
Exploits 2 | Affected Software 5
IBM Security Bulletins
added 2025/07/14 4:54 p.m. | 4 views

Security Bulletin: PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component which affects IBM watsonx.data

Summary PrismMatching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied. These can affect...

4.4 CVSS | 6.9 AI score | 0.00032 EPSS
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2025/06/13 4:2 p.m. | 4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of input in proxy host matching [CVE-2025-22870]

Summary IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of input in proxy host matching, caused by improper addressing of an IPv6 zone ID as a hostname component CVE-2025-22870. Proxy host matching is used as part of our speech utilities. This vulnerability has been...

4.4 CVSS | 5.3 AI score | 0.00032 EPSS
Exploits 2 | Affected Software 1
GithubExploit
added 2025/06/08 12:40 a.m. | 722 views

Exploit for CVE-2025-22870

PoC – CVE-2025-22870 – HTTP Proxy Bypass via IPv6 Zone ID in G...

4.4 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits 2
OSV
added 2025/06/02 5:55 p.m. | 3 views

MGASA-2025-0175 Updated golang packages fix security vulnerabilities

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied - CVE-2025-22870. The net/http package...

9.1 CVSS | 8.2 AI score | 0.00294 EPSS
Exploits 2 | References 5
Mageia
added 2025/06/02 5:55 p.m. | 23 views

Updated golang packages fix security vulnerabilities

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied - CVE-2025-22870. The net/http package...

9.1 CVSS | 7.1 AI score | 0.00294 EPSS
Exploits 2 | References 4
IBM Security Bulletins
added 2025/05/03 6:13 a.m. | 24 views

Security Bulletin: Security vulnerabilities addressed with IBM Business Automation Workflow container updates in April 2025

Summary Multiple security vulnerabilities are addressed with IBM Business Automation Workflow containers updates in April 2025. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...

7.5 CVSS | 5.7 AI score | 0.00303 EPSS
Exploits 2 | Affected Software 1
Tenable Nessus
added 2025/04/01 12:0 a.m. | 8 views

FreeBSD : gitea -- Multiple vulnerabilities (300f86de-0e4d-11f0-ae40-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 300f86de-0e4d-11f0-ae40-b42e991fc52e advisory. [email protected] reports: Matching of hosts against proxy patterns can improperly treat an...

7.5 CVSS | 7.4 AI score | 0.00158 EPSS
Exploits 2 | References 7
OpenVAS
added 2025/03/31 12:0 a.m. | 11 views

openSUSE Security Advisory (SUSE-SU-2025:1055-1)

The remote host is missing an update for the...

4.4 CVSS | 7.7 AI score | 0.00032 EPSS
Exploits 2 | References 4
Tenable Nessus
added 2025/03/29 12:0 a.m. | 14 views

Azure Linux 3.0 Security Update: azcopy / git-lfs / golang / influxdb / keda (CVE-2025-22870)

The version of azcopy / git-lfs / golang / influxdb / keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22870 advisory. - Matching of hosts against proxy patterns can improperly treat an IPv6...

4.4 CVSS | 7 AI score | 0.00032 EPSS
Exploits 2 | References 2
Tenable Nessus
added 2025/03/28 12:0 a.m. | 10 views

CBL Mariner 2.0 Security Update: azcopy / git-lfs / golang / influxdb / keda (CVE-2025-22870)

The version of azcopy / git-lfs / golang / influxdb / keda installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22870 advisory. - Matching of hosts against proxy patterns can improperly treat an IPv6...

4.4 CVSS | 7 AI score | 0.00032 EPSS
Exploits 2 | References 2
OSV
added 2025/03/14 12:51 p.m. | 8 views

SUSE-SU-2025:0873-1 Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues: - CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs bsc1238702...

4.4 CVSS | 7.3 AI score | 0.00032 EPSS
Exploits 2 | References 3
OSV
added 2025/03/14 9:32 a.m. | 7 views

SUSE-SU-2025:0866-1 Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues: - CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs bsc1238702...

4.4 CVSS | 7.3 AI score | 0.00032 EPSS
Exploits 2 | References 3
SUSE Linux
added 2025/03/14 9:32 a.m. | 2 views

Security update for amazon-ssm-agent

This update for amazon-ssm-agent fixes the following issues: CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs bsc1238702 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

4.8 CVSS | 7.4 AI score | 0.00032 EPSS
Exploits 2 | References 4
RedhatCVE
added 2025/03/14 7:53 a.m. | 11 views

CVE-2025-22870

A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NOPROXY environment variable. Mitigation Mitigation for this issue is either not available or the currently available...

4.4 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 2 | References 6
Github Security Blog
added 2025/03/12 10:6 p.m. | 11 views

HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...

4.4 CVSS | 7 AI score | 0.00032 EPSS
Exploits 2 | References 8 | Affected Software 1