DEBIAN-CVE-2025-22870

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2025-22870
Published: 12 Mar 2025, 19:15
Last modified:28 Apr 2026, 20:29

Vulnerability Summary

Overall Risk (default)
low
18/100
CVSS Score
4.4 MEDIUM
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

12 Mar 2025, 19:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:29
Last Modified
Vulnerability information updated

Description

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

CVSS Metrics

  • v3.1MEDIUMScore: 4.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Affected Systems

  • debiangolang-1.15

    all

  • debiangolang-1.19

    all

  • debiangolang-1.24

    < 1.24.1-1 | < 1.24.1-1

References (1)