PT-2025-39921 · Minio · Minio Java Sdk

Pyguerder +1 · Published 2025-09-29 · Updated 2025-09-30 · CVE-2025-59952

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: MinIO Java SDK versions prior to 8.6.0

Description: The MinIO Java SDK is a client for performing bucket and object operations with Amazon S3 compatible object storage services. Versions prior to 8.6.0 improperly handle XML tag values containing references to system properties or environment variables, automatically substituting them with their actual values. This can expose sensitive information like credentials, file paths, or system configuration details if the XML content originates from an untrusted source.

Recommendations: Update to MinIO Java SDK version 8.6.0 or later.
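
One way to check a Maven project against the affected range, as an added example that is not part of the advisory or the MinIO project's code. It assumes the SDK is declared under the Maven coordinates io.minio:minio; the pom.xml is a constructed sample and the function names are illustrative.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (8, 6, 0)  # first fixed release named in the advisory

# Constructed sample pom.xml (not from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><minio.version>8.5.17</minio.version></properties>
  <dependencies>
    <dependency>
      <groupId>io.minio</groupId>
      <artifactId>minio</artifactId>
      <version>${minio.version}</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """Turn '8.5.17' or '8.6' into a comparable 3-tuple; qualifiers after '-' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-", 1)[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def minio_sdk_versions(pom_text):
    """Return the declared version of every io.minio:minio dependency in a POM."""
    root = ET.fromstring(pom_text)
    for el in root.iter():  # drop the Maven namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    found = []
    for dep in root.iter("dependency"):
        coords = tuple((dep.findtext(k) or "").strip() for k in ("groupId", "artifactId"))
        if coords != ("io.minio", "minio"):
            continue
        version = (dep.findtext("version") or "").strip()
        ref = re.fullmatch(r"\$\{(.+)\}", version)
        if ref:  # version given as a Maven property, e.g. ${minio.version}
            version = props.get(ref.group(1), "")
        found.append(version)
    return found

def is_affected(version):
    """True if below 8.6.0, False if not, None if the version could not be resolved."""
    if not re.match(r"\d", version):
        return None
    return parse_version(version) < FIXED

if __name__ == "__main__":
    for v in minio_sdk_versions(SAMPLE_POM):
        print(v or "<unresolved>", "->", is_affected(v))
```

A `None` result means the version is inherited or managed elsewhere (parent POM, BOM) and needs a manual look at the resolved dependency tree.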

Exploit

Fix

Code Injection

RCE


Weakness Enumeration

Related Identifiers

CVE-2025-59952
GHSA-H7RH-XFPJ-HPCM

Affected Products

Minio Java Sdk