Vulnerability CVE-2025-22870: Information

Description

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

Severity: MEDIUM (4.4)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
URL: https://nvd.nist.gov/vuln/detail/CVE-2025-22870
Published: March 12, 2025
Modified: April 16, 2026
Error type identifier: CWE-115

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
cert-managersisyphus1.19.1-alt11.19.4-alt1ALT-PU-2025-15509-3402277Fixed
cert-managersisyphus_riscv641.19.1-alt11.19.4-alt1ALT-PU-2025-15584-1-Fixed
cert-managersisyphus_loongarch641.19.1-alt11.19.4-alt1ALT-PU-2025-15592-1-Fixed
cert-managerp111.19.3-alt11.19.4-alt1ALT-PU-2026-3297-3405902Fixed
cert-managerc10f21.19.3-alt11.19.4-alt1ALT-PU-2026-3315-3407771Fixed
coredns-for-kubernetes1.33sisyphus1.12.0-alt21.12.0-alt2ALT-PU-2025-7246-3385131Fixed
coredns-for-kubernetes1.33sisyphus_riscv641.12.0-alt21.12.0-alt2ALT-PU-2025-7497-1-Fixed
coredns-for-kubernetes1.33sisyphus_loongarch641.12.0-alt21.12.0-alt2ALT-PU-2025-7505-1-Fixed
coredns-for-kubernetes1.33p111.12.0-alt21.12.0-alt2ALT-PU-2025-7246-3385131Fixed
coredns-for-kubernetes1.33c10f21.12.0-alt21.12.0-alt2ALT-PU-2025-7246-3385131Fixed
coredns1.11.3sisyphus1.11.3-alt21.11.3-alt2ALT-PU-2025-6652-6384004Fixed
coredns1.11.3sisyphus_riscv641.11.3-alt21.11.3-alt2ALT-PU-2025-7136-1-Fixed
coredns1.11.3sisyphus_loongarch641.11.3-alt21.11.3-alt2ALT-PU-2025-7083-1-Fixed
coredns1.11.3p111.11.3-alt21.11.3-alt2ALT-PU-2025-7475-4385568Fixed
coredns1.11.3c10f21.11.3-alt21.11.3-alt2ALT-PU-2025-7101-4384783Fixed
etcdsisyphus3.5.23-alt13.5.28-alt1ALT-PU-2025-12972-3397100Fixed
etcdsisyphus_riscv643.5.23-alt13.5.28-alt1ALT-PU-2025-13440-1-Fixed
etcdsisyphus_loongarch643.5.23-alt13.5.28-alt1ALT-PU-2025-13169-1-Fixed
etcdp113.5.23-alt13.5.28-alt1ALT-PU-2025-16469-1397101Fixed
etcdp103.5.23-alt13.5.23-alt1ALT-PU-2025-16625-1397108Fixed
etcdc10f23.5.23-alt13.5.28-alt1ALT-PU-2025-13125-3397104Fixed
etcd-for-kubernetes1.31sisyphus3.5.24-alt13.5.24-alt1ALT-PU-2025-14421-3399893Fixed
etcd-for-kubernetes1.31sisyphus_riscv643.5.24-alt13.5.24-alt1ALT-PU-2025-14606-1-Fixed
etcd-for-kubernetes1.31sisyphus_loongarch643.5.24-alt13.5.24-alt1ALT-PU-2025-14569-1-Fixed
etcd-for-kubernetes1.31p113.5.24-alt13.5.24-alt1ALT-PU-2025-14824-4400587Fixed
etcd-for-kubernetes1.31c10f23.5.24-alt13.5.24-alt1ALT-PU-2025-14814-4400585Fixed
etcd-for-kubernetes1.32sisyphus3.5.16-alt43.5.24-alt1ALT-PU-2025-6655-6384004Fixed
etcd-for-kubernetes1.32sisyphus_riscv643.5.16-alt43.5.24-alt1ALT-PU-2025-7139-1-Fixed
etcd-for-kubernetes1.32sisyphus_loongarch643.5.16-alt43.5.24-alt1ALT-PU-2025-7082-1-Fixed
etcd-for-kubernetes1.32p113.5.16-alt43.5.24-alt1ALT-PU-2025-6655-6384004Fixed
etcd-for-kubernetes1.32c10f23.5.16-alt43.5.24-alt1ALT-PU-2025-7104-4384783Fixed
golangsisyphus1.24.1-alt11.26.3-alt1ALT-PU-2025-3858-2376926Fixed
golangsisyphus_riscv641.24.2-alt0.port1.26.2-alt0.portALT-PU-2025-5117-1-Fixed
golangsisyphus_loongarch641.24.1-alt11.26.2-alt1ALT-PU-2025-3899-1-Fixed
golangp111.24.3-alt11.25.9-alt1ALT-PU-2025-6549-3381621Fixed
golangp101.23.7-alt11.24.13-alt1ALT-PU-2025-3927-3376931Fixed
golangc10f21.23.7-alt11.25.8-alt1ALT-PU-2025-3852-3376932Fixed
kubernetes1.32sisyphus1.32.4-alt31.32.13-alt1ALT-PU-2025-6650-5384004Fixed
kubernetes1.32sisyphus_loongarch641.32.4-alt31.32.13-alt1ALT-PU-2025-7079-1-Fixed
kubernetes1.32p111.32.4-alt31.32.11-alt1ALT-PU-2025-7474-4385568Fixed
kubernetes1.32c10f21.32.4-alt31.32.10-alt1ALT-PU-2025-7103-4384783Fixed
portainersisyphus2.33.1-alt12.39.2-alt1ALT-PU-2025-10966-4393358Fixed
portainerc10f22.33.1-alt12.39.1-alt1ALT-PU-2025-10968-4393364Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://go.dev/cl/654697
    https://go.dev/issue/71984
      https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ
        https://pkg.go.dev/vuln/GO-2025-3503
          http://www.openwall.com/lists/oss-security/2025/03/07/2
            https://security.netapp.com/advisory/ntap-20250509-0007/
              BDU:2025-02476
                GHSA-qxp5-gwg8-xv66
                  VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
                  Version: v26.2.2
                  Back to top