CVE-2025-47952: Traefik allows path traversal using url encoding
Path traversal with "/../" written in URL-encoded form ("/%2e%2e") allows circumventing routing rules.
References
- github.com/advisories/GHSA-vrch-868g-9jx5
- github.com/traefik/traefik
- github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00
- github.com/traefik/traefik/releases/tag/v2.11.25
- github.com/traefik/traefik/releases/tag/v3.4.1
- github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5
- nvd.nist.gov/vuln/detail/CVE-2025-47952