{"id":"GO-2025-3719","summary":"Traefik allows path traversal using url encoding in github.com/traefik/traefik","details":"Traefik allows path traversal using url encoding in github.com/traefik/traefik","aliases":["CVE-2025-47952","GHSA-vrch-868g-9jx5"],"modified":"2026-03-03T04:56:38.338929Z","published":"2025-05-29T20:59:03Z","database_specific":{"review_status":"UNREVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3719"},"references":[{"type":"ADVISORY","url":"https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5"},{"type":"FIX","url":"https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00"},{"type":"WEB","url":"https://github.com/traefik/traefik/releases/tag/v2.11.25"},{"type":"WEB","url":"https://github.com/traefik/traefik/releases/tag/v3.4.1"}],"affected":[{"package":{"name":"github.com/traefik/traefik","ecosystem":"Go","purl":"pkg:golang/github.com/traefik/traefik"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3719.json"}},{"package":{"name":"github.com/traefik/traefik/v2","ecosystem":"Go","purl":"pkg:golang/github.com/traefik/traefik/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.11.25"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3719.json"}},{"package":{"name":"github.com/traefik/traefik/v3","ecosystem":"Go","purl":"pkg:golang/github.com/traefik/traefik/v3"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.4.1"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3719.json"}}],"schema_version":"1.7.3"}