/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2025-22870

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-22870

CGA ID

CGA-mp6j-5m5j-543r

Severity

Unknown

Description

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

References

  • https://images.chainguard.dev/security/CGA-mp6j-5m5j-543r
  • https://github.com/advisories/GHSA-qxp5-gwg8-xv66
  • https://go.dev/cl/654697
  • https://go.dev/issue/71984
  • https://pkg.go.dev/vuln/GO-2025-3503
  • http://www.openwall.com/lists/oss-security/2025/03/07/2
  • https://security-tracker.debian.org/tracker/CVE-2025-22870

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsPricingContact UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation