Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.
Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10.
Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
AnalysisAI
CVE-2025-31698 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
Technical ContextAI
CWE-284 (Improper Access Control). CVSS 7.5 indicates high severity.
RemediationAI
Monitor vendor channels for patch availability.
More in Traffic Server
View allThe HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unkno
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unkn
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown imp
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Ap
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling at
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.2.1. Rated critical severity
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.0.0 th
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle a
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked enco
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| oracular | ignored | end of life, was needs-triage |
| plucky | ignored | end of life, was needs-triage |
| jammy | needed | - |
| noble | needed | - |
| upstream | released | 9.2.11 |
| questing | needed | - |
Debian
Bug #1108044| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 8.1.10+ds-1~deb11u1 | - |
| bullseye (security) | vulnerable | 8.1.11+ds-0+deb11u2 | - |
| bookworm, bookworm (security) | fixed | 9.2.5+ds-0+deb12u3 | - |
| sid | vulnerable | 9.2.5+ds-1 | - |
| bookworm | fixed | 9.2.5+ds-0+deb12u3 | - |
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18750