PT-2025-39921 · Minio · Minio Java Sdk
Pyguerder +1 · Published 2025-09-29 · Updated 2025-09-30 · CVE-2025-59952
CVSS v4.0: 8.7 High
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
MinIO Java SDK versions prior to 8.6.0
Description
The MinIO Java SDK is a client for performing bucket and object operations with Amazon S3 compatible object storage services. Versions prior to 8.6.0 improperly handle XML tag values containing references to system properties or environment variables, automatically substituting them with their actual values. This can expose sensitive information like credentials, file paths, or system configuration details if the XML content originates from an untrusted source.
Recommendations
Update to MinIO Java SDK version 8.6.0 or later.
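To find builds still on an affected version, the following added example (not part of the advisory or the MinIO project) scans the text of `mvn dependency:list` output or a Gradle lockfile for SDK versions prior to 8.6.0. The Maven coordinate `io.minio:minio` and the sample lines are assumptions that do not appear on this page.

```python
import re

ARTIFACT = "io.minio:minio"  # assumed Maven coordinate; not stated on the page
FIXED = (8, 6, 0)            # first fixed version per the advisory

# Maven dependency:list -> group:artifact:type:version:scope
# Gradle lockfile       -> group:artifact:version=configurations
_DEP = re.compile(
    r"(?<![\w.-])" + re.escape(ARTIFACT) + r":(?:[a-z-]+:)?(?P<ver>\d[^:=\s]*)"
)


def parse_version(ver):
    """Return (major, minor, patch); qualifiers such as -rc1 are ignored."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", ver)
    return tuple(int(g or 0) for g in m.groups())


def find_affected(text):
    """Return [(line_number, version)] for SDK versions prior to 8.6.0."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _DEP.search(line)
        if m and parse_version(m.group("ver")) < FIXED:
            hits.append((lineno, m.group("ver")))
    return hits


# Constructed sample input, not taken from a real build.
SAMPLE = """\
[INFO]    io.minio:minio:jar:8.5.17:compile
[INFO]    io.minio:minio-admin:jar:8.5.17:compile
io.minio:minio:8.6.0=runtimeClasspath
io.minio:minio:7.1.4=compileClasspath
"""

if __name__ == "__main__":
    for lineno, ver in find_affected(SAMPLE):
        print(f"line {lineno}: {ARTIFACT} {ver} is prior to 8.6.0")
```

Transitive copies pulled in by other libraries show up in the same listings, so run it against the resolved dependency output rather than the declared dependencies only.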
Exploit
Fix
Code Injection
RCE
Affected Products
Minio Java Sdk