QwikSec

Security Database

CVE

CWE

Training

CVE-2025-54386

Published: Aug 1, 2025

Modified: Aug 4, 2025

PUBLISHED

Description

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.

Vendor	Product	Versions
traefik	traefik	affected `<= 2.11.27, < 2.11.28` affected `<= 3.0.0, < 3.4.5` affected `>= 3.5.0-rc1, < 3.5.0-rc2`

Weaknesses (CWE)

References

https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg

x_refsource_CONFIRM

https://github.com/traefik/plugin-service/pull/71

x_refsource_MISC

https://github.com/traefik/plugin-service/pull/72

x_refsource_MISC

https://github.com/traefik/traefik/pull/11911

x_refsource_MISC

https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800

x_refsource_MISC

https://github.com/traefik/traefik/releases/tag/v2.11.28

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.