QwikSec

Security Database

CVE

CWE

Training

CVE-2025-24961

Published: Feb 3, 2025

Modified: Feb 12, 2025

PUBLISHED

Description

org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor	Product	Versions
gaul	s3proxy	affected `< 2.6.0`

Weaknesses (CWE)

References

https://github.com/gaul/s3proxy/security/advisories/GHSA-2ccp-vqmv-4r4x

x_refsource_CONFIRM

https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3

x_refsource_MISC

https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78e7898efc063617ed171980

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.