VYPR
Medium severity4.4NVD Advisory· Published Mar 12, 2025· Updated Apr 16, 2026

CVE-2025-22870

CVE-2025-22870

Description

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
golang.org/x/netGo
< 0.36.00.36.0

Affected products

4838

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.

CVE-2025-22870 · Medium · VYPR