PT-2025-25771 · Apache+1 · Apache Traffic Server+1

Masakazu Kitajo · Published 2025-01-01 · Updated 2025-07-25 · CVE-2025-31698

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Traffic Server versions 9.0.0 through 9.2.10
Apache Traffic Server versions 10.0.0 through 10.0.6

Description

The issue arises when the ACL configured in ip_allow.config or remap.config does not utilize IP addresses provided by the PROXY protocol. A new setting, proxy.config.acl.subjects, can be used to select which IP addresses to use for the ACL when Apache Traffic Server is set up to accept the PROXY protocol.

Recommendations

For versions 9.0.0 through 9.2.10, upgrade to version 9.2.11.
For versions 10.0.0 through 10.0.6, upgrade to version 10.0.6.

Fix

Weakness Enumeration: Improper Access Control

Related Identifiers

BDU:2025-08196
CVE-2025-31698
DSA-5948-1
OESA-2025-1731
OESA-2025-1732
OESA-2025-1904

Affected Products

Apache Traffic Server
Debian