Traefik’s Client Plugin is Vulnerable to Path Traversal, Arbitrary File...

7.3 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Description

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.

Basic Information

ID CVE-2025-54386

Source GitHub_M

Published Aug 1, 2025 at 23:32

Modified Aug 4, 2025 at 15:28

Affected Product

Vendor traefik

Product traefik

Version <= 2.11.27, < 2.11.28

Affected Versions traefik traefik <= 2.11.27, < 2.11.28
traefik traefik <= 3.0.0, < 3.4.5
traefik traefik >= 3.5.0-rc1, < 3.5.0-rc2

CWE Classification

CWE-22 CWE-30

References

{
    "lastseen": "",
    "description": "Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\u2019s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.",
    "published": "2025-08-01T23:32:21.747Z",
    "modified": "2025-08-04T15:28:06.189Z",
    "type": "cve",
    "title": "Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution",
    "source": "GitHub_M",
    "references": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg\nhttps://github.com/traefik/plugin-service/pull/71\nhttps://github.com/traefik/plugin-service/pull/72\nhttps://github.com/traefik/traefik/pull/11911\nhttps://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800\nhttps://github.com/traefik/traefik/releases/tag/v2.11.28",
    "id": "CVE-2025-54386",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22",
        "CWE-30"
    ],
    "cvelist": null,
    "sourceData": "traefik traefik <= 2.11.27, < 2.11.28\ntraefik traefik <= 3.0.0, < 3.4.5\ntraefik traefik >= 3.5.0-rc1, < 3.5.0-rc2",
    "sourceHref": "",
    "cvss": {
        "score": 7.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "traefik",
    "version": "<= 2.11.27, < 2.11.28",
    "vendor": "traefik",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Traefik’s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution_CVE-2025-54386