Vulnerability Details
Basic Information
| Title | Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability |
|---|---|
| Type | github |
| Published | 2025-04-18T19:32:23 |
| Last Seen | 2025-04-18T21:43:26 |
| CVSS Score | 7.5 (HIGH) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2025-22868 |
|---|---|
| CWE | CWE-1286 |
| Bulletin Family | software |
Description
### Summary
We have encountered a security vulnerability being reported by our scanners for Traefik 2.11.22.
– https://security.snyk.io/vuln/SNYK-CHAINGUARDLATEST-TRAEFIK33-9403297
We have encountered a security vulnerability being reported by our scanners for Traefik 2.11.22.
– https://security.snyk.io/vuln/SNYK-CHAINGUARDLATEST-TRAEFIK33-9403297
### Details
It seems to target oauth2/jws library.
### PoC
No steps to replicate this vulnerability
### Impact
We have a strict control on security and we always try to stay up-to-date with the fixes received for third-party solutions.
## Patches
– https://github.com/traefik/traefik/releases/tag/v2.11.24
– https://github.com/traefik/traefik/releases/tag/v3.3.6
– https://github.com/traefik/traefik/releases/tag/v3.4.0-rc2
Impact Assessment
| Base Score | 7.5 |
|---|---|
| Severity | HIGH |