Vulnerability Reporttraefik/whoami:v1.10.3

traefik/whoami:v1.10.3

DIGESTsha256:43a68d10b9dfcfc3ffbfe4dd42100dc9aeaf29b3a5636c856337a5940f1b4f1c

Executive Summary

Threat ScoreNEEDS ATTENTION• Image from popular publisher (traefik) with 37M+ pulls, pinned by digest, trust score 90.• 4 exposed surface vulnerabilities of medium severity (max 6.8), including CVE-2025-68121, CVE-2025-61726, CVE-2026-33814.• 12 post-exploit vulnerabilities all low severity (max 2.7), no serious impact.• CVE-2025-68121 requires non-default TLS config mutation to exploit.• DoS risks in net/url and HTTP/2 are real but mitigable with rate limiting and patches.

30/100NEEDS ATTENTION

ReputationPOPULAR COMMUNITY• High Reputation Community Image (37M+ pulls)• Pinned by digest (Immutable)

RELIABLE

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The image has 39 exposed vulnerabilities, four of which are medium severity (up to CVSS 6.8). The most notable include a TLS session resumption bypass (CVE-2025-68121) that requires non-default configuration to exploit, and several denial-of-service vectors in URL parsing and HTTP/2 handling (CVE-2025-61726, CVE-2026-33814). Post-exploit vulnerabilities are all low severity (max 2.7). Mitigations: For CVE-2025-68121, ensuring TLS Config is not mutated after cloning eliminates the risk. For the DoS vulnerabilities, rate limiting and input validation can help but are not complete mitigations; updating to a patched Go version is recommended.

Vulnerabilities

Vulnerability Log

51 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-68121	MEDIUM6.8	stdlib v1.23.0 fixed in 1.24.13, 1.25.7, 1.26.0-rc.3	0.8% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2025-61726	MEDIUM6.38	stdlib v1.23.0 fixed in 1.24.12, 1.25.6	0.8% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-25679	MEDIUM6.38	stdlib v1.23.0 fixed in 1.25.8, 1.26.1	0.5% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-33814	MEDIUM6.38	stdlib v1.23.0 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-32282	MEDIUM5.44	stdlib v1.23.0 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2026-32289	MEDIUM5.18	stdlib v1.23.0 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-61729	MEDIUM5.1	stdlib v1.23.0 fixed in 1.24.11, 1.25.5	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32280	MEDIUM5.1	stdlib v1.23.0 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32281	MEDIUM5.1	stdlib v1.23.0 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-32283	MEDIUM5.1	stdlib v1.23.0 fixed in 1.25.9, 1.26.2	0.4% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2024-34155	MEDIUM5.02	stdlib v1.23.0 fixed in 1.22.7, 1.23.1	0.8% Theoretical Threat	Directly Exposed
CVE-2024-45336	MEDIUM5.02	stdlib v1.23.0 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.6% Theoretical Threat	Directly Exposed
CVE-2026-32288	MEDIUM4.67	stdlib v1.23.0 fixed in 1.25.9, 1.26.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22871	MEDIUM4.59	stdlib v1.23.0 fixed in 1.23.8, 1.24.2	0.7% Theoretical Threat	Directly Exposed
CVE-2026-27142	MEDIUM4.59	stdlib v1.23.0 fixed in 1.25.8, 1.26.1	0.3% Theoretical Threat	Directly Exposed
CVE-2026-39826	MEDIUM4.59	stdlib v1.23.0 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22866	MEDIUM4.5	stdlib v1.23.0 fixed in 1.22.12, 1.23.6, 1.24.0-rc.3	0.3% Theoretical Threat	Directly Exposed
CVE-2025-22873	MEDIUM4.5	stdlib v1.23.0 fixed in 1.23.9, 1.24.3	0.2% Theoretical Threat	Directly Exposed
CVE-2025-47912	MEDIUM4.5	stdlib v1.23.0 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58185	MEDIUM4.5	stdlib v1.23.0 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-58187	MEDIUM4.5	stdlib v1.23.0 fixed in 1.24.9, 1.25.3	0.4% Theoretical Threat	Directly Exposed
CVE-2025-58188	MEDIUM4.5	stdlib v1.23.0 fixed in 1.24.8, 1.25.2	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58189	MEDIUM4.5	stdlib v1.23.0 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Directly Exposed
CVE-2025-61723	MEDIUM4.5	stdlib v1.23.0 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61724	MEDIUM4.5	stdlib v1.23.0 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-61725	MEDIUM4.5	stdlib v1.23.0 fixed in 1.24.8, 1.25.2	0.6% Theoretical Threat	Directly Exposed
CVE-2025-61730	MEDIUM4.5	stdlib v1.23.0 fixed in 1.24.12, 1.25.6	0.3% Theoretical Threat	Directly Exposed
CVE-2026-42507	MEDIUM4.5	stdlib v1.23.0 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Directly Exposed
CVE-2025-58186	MEDIUM4.5	stdlib v1.23.0 fixed in 1.24.8, 1.25.2	0.5% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	golang.org/x/net v0.25.0 fixed in 0.36.0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-22870	LOW3.74	stdlib v1.23.0 fixed in 1.23.7, 1.24.1	0.4% Theoretical Threat	Directly Exposed
CVE-2024-45341	LOW3.57	stdlib v1.23.0 fixed in 1.22.11, 1.23.5, 1.24.0-rc.2	0.4% Theoretical Threat	Directly Exposed
CVE-2024-34156	LOW2.7	stdlib v1.23.0 fixed in 1.22.7, 1.23.1	1.1% Low-Moderate Risk	Post-Exploit
CVE-2026-33811	LOW2.29	stdlib v1.23.0 fixed in 1.25.10, 1.26.3	0.5% Theoretical Threat	Post-Exploit
CVE-2026-39820	LOW2.29	stdlib v1.23.0 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Post-Exploit
CVE-2026-39836	LOW2.29	stdlib v1.23.0 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Post-Exploit
CVE-2025-58183	LOW2.29	stdlib v1.23.0 fixed in 1.24.8, 1.25.2	0.4% Theoretical Threat	Post-Exploit
CVE-2025-61728	LOW2.29	stdlib v1.23.0 fixed in 1.24.12, 1.25.6	0.6% Theoretical Threat	Post-Exploit
CVE-2025-47907	LOW2.14	stdlib v1.23.0 fixed in 1.23.12, 1.24.6	0.3% Theoretical Threat	Post-Exploit
CVE-2024-34158	LOW2.12	stdlib v1.23.0 fixed in 1.22.7, 1.23.1	1.0% Low-Moderate Risk	Post-Exploit
CVE-2026-27139	LOW2.12	stdlib v1.23.0 fixed in 1.25.8, 1.26.1	0.2% Theoretical Threat	Directly Exposed
CVE-2025-4673	LOW2.08	stdlib v1.23.0 fixed in 1.23.10, 1.24.4	0.6% Theoretical Threat	Post-Exploit
CVE-2025-22872	LOW1.99	golang.org/x/net v0.25.0 fixed in 0.38.0	0.4% Theoretical Threat	Post-Exploit
CVE-2025-47906	LOW1.99	stdlib v1.23.0 fixed in 1.23.12, 1.24.6	0.5% Theoretical Threat	Post-Exploit
CVE-2025-61727	LOW1.99	stdlib v1.23.0 fixed in 1.24.11, 1.25.5	0.3% Theoretical Threat	Post-Exploit
CVE-2026-39823	NONE0	stdlib v1.23.0 fixed in 1.25.10, 1.26.3	0.3% Theoretical Threat	Not Applicable
CVE-2026-39825	NONE0	stdlib v1.23.0 fixed in 1.25.10, 1.26.3	0.4% Theoretical Threat	Not Applicable
CVE-2026-42499	NONE0	stdlib v1.23.0 fixed in 1.25.10, 1.26.3	0.6% Theoretical Threat	Not Applicable
CVE-2026-42504	NONE0	stdlib v1.23.0 fixed in 1.25.11, 1.26.4	0.4% Theoretical Threat	Not Applicable
CVE-2025-0913	NONE0	stdlib v1.23.0 fixed in 1.23.10, 1.24.4	0.2% Theoretical Threat	Not Applicable
CVE-2026-27145	NONE0	stdlib v1.23.0 fixed in 1.25.11, 1.26.4	0.3% Theoretical Threat	Not Applicable