/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-f2h7-m7gj-5x43

Published

Last updated

https://images.chainguard.dev/security/CGA-f2h7-m7gj-5x43
Package

traefik-fips-3.5

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2025-54410
  • GHSA-4vq8-7jfc-9cvp

Severity

5.2

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-54410

Updates

Status

Pending upstream fix

Impact

We are unable to upgrade the Docker dependency in our Traefik package to v28.0.0 to fix the CVE, as it introduces breaking API changes. Docker v28.0.0 removes several types and fields—such as ContainerNode, NetworkListOptions, and EventsOptions that Traefik’s Docker provider still relies on. These removals cause multiple compilation errors across several files in Traefik’s codebase. The highest version we can upgrade to without breaking the build is Docker v27.5.1, which unfortunately does not address the CVE. As a result, this issue cannot be resolved without upstream changes in Traefik to support the newer Docker API.

Status

Under investigation


Safe Source for Open Source™
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing