CVE Vulnerabilities

CVE-2025-22870

Misinterpretation of Input

Published: Mar 12, 2025 | Modified: Mar 18, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
4.4 MODERATE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Ubuntu
MEDIUM

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to *.example.com, a request to [::1%25.example.com]:80` will incorrectly match and not be proxied.

Weakness

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

References