QwikSec

Security Database

CVE

CWE

Training

CVE-2025-69255

Published: Jan 7, 2026

Modified: Jan 7, 2026

PUBLISHED

Description

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap() failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics endpoint. This issue has been patched in version 1.0.0-alpha.78.

Vendor	Product	Versions
rustfs	rustfs	affected `>= 1.0.0-alpha.13, < 1.0.0-alpha.78`

Weaknesses (CWE)

References

https://github.com/rustfs/rustfs/security/advisories/GHSA-gw2x-q739-qhcr

x_refsource_CONFIRM

https://github.com/rustfs/rustfs/commit/eb33e82b56ed11fd12bb39416359d8d60737dc7a

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.