VDB
CGA-gfhf-qq36-wgj3
CGA-gfhf-qq36-wgj3
REJECTED
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wolfi | cni-plugins-host-device | 0, 0, 0 |
| Chainguard | cni-plugins-dhcp | 0, 0, 0 |
| Wolfi | cni-plugins-tap-compat | 0, 0, 0 |
| Wolfi | cni-plugins-vrf-compat | 0, 0, 0 |
| Wolfi | cni-plugins-loopback | 0, 0, 0 |
| Wolfi | cni-plugins-firewall-compat | 0, 0, 0 |
| Chainguard | cni-plugins-tuning | 0, 0, 0 |
| Wolfi | cni-plugins-ipam | 0, 0, 0 |
| Wolfi | cni-plugins-static-compat | 0, 0, 0 |
| Chainguard | cni-plugins-bridge | 0, 0, 0 |
| Wolfi | cni-plugins-host-device-compat | 0, 0, 0 |
| Chainguard | cni-plugins-ipam | 0, 0, 0 |
| Wolfi | cni-plugins-vlan | 0, 0, 0 |
| Wolfi | cni-plugins-ipvlan-compat | 0, 0, 0 |
| Wolfi | cni-plugins-firewall | 0, 0, 0 |
| Wolfi | cni-plugins | 0, 0, 0 |
| Wolfi | cni-plugins-meta | 0, 0, 0 |
| Chainguard | cni-plugins-macvlan | 0, 0, 0 |
| Chainguard | cni-plugins-vlan | 0, 0, 0 |
| Chainguard | cni-plugins-loopback-compat | 0, 0, 0 |
…and 62 more
Exploit Intelligence
- Proof-of-concept for CVE-2025-22870 demonstrating HTTP proxy bypass in vulnerable versions (<0.36.0) of golang.org/x/net/http/httpproxy. Exploits improper IPv6 zone ID parsing to evade NO_PROXY restrictions, enabling proxy bypass and potential SSRF under misconfigured environments. (github-poc)
- CHANGELOG-v1.73.1.yml (github-poc)
- scan.openvex.json (github-poc)
Timeline
- Jan 28, 2026 CVE Rejected