File Exposure Vulnerability in S3Proxy by org.gaul
CVE-2025-24961

6MEDIUM

Key Information:

Vendor
Gaul
Status
S3proxy
Vendor
CVE Published:
3 February 2025

Summary

The S3Proxy by org.gaul implements the S3 API and facilitates the proxying of requests, which may inadvertently expose local files to users when utilizing the filesystem and filesystem-nio2 storage backends. To mitigate this risk, users are strongly urged to upgrade to version 2.6.0, as no known workarounds are available for this vulnerability.

Affected Version(s)

s3proxy < 2.6.0

References

https://github.com/gaul/s3proxy/security/advisories/GHSA-...
x_refsource_CONFIRM
https://github.com/apache/jclouds/commit/b0819e0ef5e08c79...
x_refsource_MISC
https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78...
x_refsource_MISC

CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.