Summary: |
CVE-2025-22870 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net |
Product: |
[Other] Security Response
|
Reporter: |
OSIDB Bzimport <bzimport> |
Component: |
vulnerability | Assignee: |
Product Security <prodsec-ir-bot> |
Status: |
NEW
---
|
QA Contact: |
|
Severity: |
medium
|
Docs Contact: |
|
Priority: |
medium
|
|
|
Version: |
unspecified | CC: |
aazores, abarbaro, akostadi, alcohan, amasferr, amctagga, anjoseph, anthomas, aoconnor, bdettelb, bkabrda, bniver, brking, cbartlet, cdaley, cmah, crizzo, dhanak, dmayorov, doconnor, drosa, dsimansk, dymurray, eaguilar, ebaron, eglynn, ehelms, fdeutsch, flucifre, ggainey, gkamathe, gmeno, gparvin, haoli, hkataria, ibolton, jaharrin, jajackso, jburrell, jcammara, jcantril, jchui, jeder, jforrest, jhe, jjoyce, jkoehler, jlledo, jmatthew, jmitchel, jmontleo, jneedle, jolong, jprabhak, jschluet, juwatts, jwendell, kegrant, kingland, koliveir, kshier, ktsao, kverlaen, lball, lchilton, lgamliel, lhh, lphiri, lsvaty, mabashia, manissin, matzew, mbenjamin, mbocek, mburns, mgarciac, mhackett, mhulan, mkudlej, mmakovy, mnovotny, mwringe, nboldt, ngough, njean, nmoumoul, nobody, oramraz, osousa, owatkins, pahickey, pbraun, pcreech, pgaikwad, pgrist, pierdipi, pjindal, psrna, rcernich, rchan, rfreiman, rhaigner, rjohnson, rojacob, sausingh, sdawley, sfeifer, sfroberg, shvarugh, simaishi, slucidi, smallamp, smcdonal, smullick, sostapov, sseago, stcannon, stirabos, teagle, tfister, thason, thavo, tjochec, vereddy, veshanka, whayutin, wtam, yguenane
|
Target Milestone: |
--- | Keywords: |
Security |
Target Release: |
--- | |
|
Hardware: |
All | |
|
OS: |
Linux | |
|
Whiteboard: |
|
Fixed In Version:
|
|
Doc Type:
|
---
|
Doc Text:
|
A flaw was found in proxy host matching. This vulnerability allows proxy settings to be bypassed by manipulating an IPv6 zone ID, which causes unintended matches against the NO_PROXY environment variable.
|
| |
Bug Depends On: |
|
|
|
Bug Blocks: |
|
|
|