File Exposure Vulnerability in S3Proxy by org.gaul
CVE-2025-24961

6MEDIUM

Key Information:

Vendor: Gaul
Status: S3proxy
Vendor: CVE Published:; 3 February 2025

🔔 Create Gaul Vulnerability Alert

What is CVE-2025-24961?

The S3Proxy by org.gaul implements the S3 API and facilitates the proxying of requests, which may inadvertently expose local files to users when utilizing the filesystem and filesystem-nio2 storage backends. To mitigate this risk, users are strongly urged to upgrade to version 2.6.0, as no known workarounds are available for this vulnerability.

Affected Version(s)

s3proxy < 2.6.0

References

https://github.com/gaul/s3proxy/security/advisories/GHSA-...

x_refsource_CONFIRM

https://github.com/apache/jclouds/commit/b0819e0ef5e08c79...

x_refsource_MISC

https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78...

x_refsource_MISC

CVSS V4

Score:

6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Jan 29, 2025

CVE-2025-24961 Data

.