CVE-2025-47910
ADVISORY - nistSummary
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
EPSS Score: 0.00008 (0.007)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - redhat
Expected Behavior Violation
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in