CVE-2025-24961

Published Feb 3, 2025

Last updated 19 days ago

CVSS medium 6.0

Overview

Description
org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-22

Social media

Hype score
Not currently trending

  1. CVE-2025-24961 org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to … https://t.co/YjG7bpD94X

    @CVEnew

    3 Feb 2025

    239 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References