CVE-2025-24961

Vulnerability Description

org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Weaknesses (CWE)

CWE-22

References

https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa
https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78e7898efc063617ed171980
https://github.com/gaul/s3proxy/security/advisories/GHSA-2ccp-vqmv-4r4x

FAQ

What is CVE-2025-24961?

CVE-2025-24961 is a documented vulnerability. org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been address...

How severe is CVE-2025-24961?

CVSS scoring is not yet available for CVE-2025-24961. Check NVD for updates.

Is there a patch for CVE-2025-24961?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.