Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-31698

Good to know:

icon

Date: June 19, 2025

In Apache Traffic Server 9.x before 9.2.11 and 10.x before 10.0.6, Client IP address from PROXY protocol is not used for ACL.

Severity Score

Related Resources (5)

https://nvd.nist.gov/vuln/detail/CVE-2025-31698
https://security-tracker.debian.org/tracker/CVE-2025-31698
https://seclists.org/oss-sec/2025/q2/264
https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8
https://www.mend.io/vulnerability-database/CVE-2025-31698

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/apache/trafficserver.git - 9.2.11;https://github.com/apache/trafficserver.git - 10.0.6

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us