N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-24961

CVE-2025-24961: S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends

Impact

Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to authenticated clients.

Patches

Upgrade to S3Proxy 2.6.0 which includes apache/jclouds@b0819e0ef5e08c792a4d1724b938714ce9503aa3 and 86b6ee4749aa163a78e7898efc063617ed171980.

Workarounds

None

References

Privately reported by XBOW Team @xbow-security.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-24961

CVE-2025-24961:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.gaul:s3proxy	maven	< 2.6.0	2.6.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insufficient validation of user-controlled input (container names and blob keys) in both the filesystem and filesystem-nio2 backends. The jclouds commit added validation checks in FilesystemBlobKeyValidatorImpl and FilesystemContainerNameValidatorImpl, indicating these were previously missing in functions like getBlob, removeBlob, and getContainerAccess. The s3proxy commit introduced path normalization and a checkValidPath guard in AbstractNio2BlobStore, showing that methods like list and getBlob previously resolved paths without ensuring they stayed within the container. The combination of missing validation and unconstrained path resolution allowed attackers to traverse directories via crafted inputs.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-24961: S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends

Impact

Patches

Workarounds

References

CVE-2025-24961:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

N/A

N/A

CVE-2025-24961: S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends

Impact

Patches

Workarounds

References

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI