CVE-2025-68705 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Affected Products (NVD)

Vendor	Product	Version
rustfs	rustfs	1.0.0:alpha13
rustfs	rustfs	1.0.0:alpha14
rustfs	rustfs	1.0.0:alpha15
rustfs	rustfs	1.0.0:alpha16
rustfs	rustfs	1.0.0:alpha17
rustfs	rustfs	1.0.0:alpha18
rustfs	rustfs	1.0.0:alpha19
rustfs	rustfs	1.0.0:alpha20
rustfs	rustfs	1.0.0:alpha21
rustfs	rustfs	1.0.0:alpha22
rustfs	rustfs	1.0.0:alpha23
rustfs	rustfs	1.0.0:alpha24
rustfs	rustfs	1.0.0:alpha25
rustfs	rustfs	1.0.0:alpha26
rustfs	rustfs	1.0.0:alpha27
rustfs	rustfs	1.0.0:alpha28
rustfs	rustfs	1.0.0:alpha29
rustfs	rustfs	1.0.0:alpha30
rustfs	rustfs	1.0.0:alpha31
rustfs	rustfs	1.0.0:alpha32
rustfs	rustfs	1.0.0:alpha33
rustfs	rustfs	1.0.0:alpha34
rustfs	rustfs	1.0.0:alpha35
rustfs	rustfs	1.0.0:alpha36
rustfs	rustfs	1.0.0:alpha37
rustfs	rustfs	1.0.0:alpha38
rustfs	rustfs	1.0.0:alpha39
rustfs	rustfs	1.0.0:alpha40
rustfs	rustfs	1.0.0:alpha41
rustfs	rustfs	1.0.0:alpha42
rustfs	rustfs	1.0.0:alpha43
rustfs	rustfs	1.0.0:alpha44
rustfs	rustfs	1.0.0:alpha45
rustfs	rustfs	1.0.0:alpha46
rustfs	rustfs	1.0.0:alpha47
rustfs	rustfs	1.0.0:alpha48
rustfs	rustfs	1.0.0:alpha49
rustfs	rustfs	1.0.0:alpha50
rustfs	rustfs	1.0.0:alpha51
rustfs	rustfs	1.0.0:alpha52
rustfs	rustfs	1.0.0:alpha53
rustfs	rustfs	1.0.0:alpha54
rustfs	rustfs	1.0.0:alpha55
rustfs	rustfs	1.0.0:alpha56
rustfs	rustfs	1.0.0:alpha57
rustfs	rustfs	1.0.0:alpha58
rustfs	rustfs	1.0.0:alpha59
rustfs	rustfs	1.0.0:alpha60
rustfs	rustfs	1.0.0:alpha61
rustfs	rustfs	1.0.0:alpha62
rustfs	rustfs	1.0.0:alpha63
rustfs	rustfs	1.0.0:alpha64
rustfs	rustfs	1.0.0:alpha65
rustfs	rustfs	1.0.0:alpha66
rustfs	rustfs	1.0.0:alpha67
rustfs	rustfs	1.0.0:alpha68
rustfs	rustfs	1.0.0:alpha69
rustfs	rustfs	1.0.0:alpha70
rustfs	rustfs	1.0.0:alpha71
rustfs	rustfs	1.0.0:alpha72
rustfs	rustfs	1.0.0:alpha73
rustfs	rustfs	1.0.0:alpha74
rustfs	rustfs	1.0.0:alpha75
rustfs	rustfs	1.0.0:alpha76
rustfs	rustfs	1.0.0:alpha77
rustfs	rustfs	1.0.0:alpha78

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e

https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc