← Back

CVE-2025-68705

nvd nist
Published: Jan 7, 2026Modified: Jan 16, 2026

JSON object

Loading...
8.8
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: security-advisories@github.com (Secondary)

Description

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79.

Affected (66)

Products: Rustfs: Rustfs
Rustfs
1 product
Rustfs
Configuration A
66 vulnerable
Vulnerable SoftwareAffected Versions
Rustfs
Rustfs
Version 1.0.0 alpha13
Rustfs
Version 1.0.0 alpha14
Rustfs
Version 1.0.0 alpha15
Rustfs
Version 1.0.0 alpha16
Rustfs
Version 1.0.0 alpha17
Rustfs
Version 1.0.0 alpha18
Rustfs
Version 1.0.0 alpha19
Rustfs
Version 1.0.0 alpha20
Rustfs
Version 1.0.0 alpha21
Rustfs
Version 1.0.0 alpha22
Rustfs
Version 1.0.0 alpha23
Rustfs
Version 1.0.0 alpha24
Rustfs
Version 1.0.0 alpha25
Rustfs
Version 1.0.0 alpha26
Rustfs
Version 1.0.0 alpha27
Rustfs
Version 1.0.0 alpha28
Rustfs
Version 1.0.0 alpha29
Rustfs
Version 1.0.0 alpha30
Rustfs
Version 1.0.0 alpha31
Rustfs
Version 1.0.0 alpha32
Rustfs
Version 1.0.0 alpha33
Rustfs
Version 1.0.0 alpha34
Rustfs
Version 1.0.0 alpha35
Rustfs
Version 1.0.0 alpha36
Rustfs
Version 1.0.0 alpha37
Rustfs
Version 1.0.0 alpha38
Rustfs
Version 1.0.0 alpha39
Rustfs
Version 1.0.0 alpha40
Rustfs
Version 1.0.0 alpha41
Rustfs
Version 1.0.0 alpha42
Rustfs
Version 1.0.0 alpha43
Rustfs
Version 1.0.0 alpha44
Rustfs
Version 1.0.0 alpha45
Rustfs
Version 1.0.0 alpha46
Rustfs
Version 1.0.0 alpha47
Rustfs
Version 1.0.0 alpha48
Rustfs
Version 1.0.0 alpha49
Rustfs
Version 1.0.0 alpha50
Rustfs
Version 1.0.0 alpha51
Rustfs
Version 1.0.0 alpha52
Rustfs
Version 1.0.0 alpha53
Rustfs
Version 1.0.0 alpha54
Rustfs
Version 1.0.0 alpha55
Rustfs
Version 1.0.0 alpha56
Rustfs
Version 1.0.0 alpha57
Rustfs
Version 1.0.0 alpha58
Rustfs
Version 1.0.0 alpha59
Rustfs
Version 1.0.0 alpha60
Rustfs
Version 1.0.0 alpha61
Rustfs
Version 1.0.0 alpha62
Rustfs
Version 1.0.0 alpha63
Rustfs
Version 1.0.0 alpha64
Rustfs
Version 1.0.0 alpha65
Rustfs
Version 1.0.0 alpha66
Rustfs
Version 1.0.0 alpha67
Rustfs
Version 1.0.0 alpha68
Rustfs
Version 1.0.0 alpha69
Rustfs
Version 1.0.0 alpha70
Rustfs
Version 1.0.0 alpha71
Rustfs
Version 1.0.0 alpha72
Rustfs
Version 1.0.0 alpha73
Rustfs
Version 1.0.0 alpha74
Rustfs
Version 1.0.0 alpha75
Rustfs
Version 1.0.0 alpha76
Rustfs
Version 1.0.0 alpha77
Rustfs
Version 1.0.0 alpha78

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
ExploitVendor Advisory

Timeline

No history available yet.