CVE-2025-24961
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-24961
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24961.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-24961
- Aliases
- Published
- 2025-02-03T20:29:17Z
- Modified
- 2025-10-24T12:22:58.088095Z
- Severity
-
- 6.0 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Insecure path traversal in filesystem and filesystem-nio2 storage backends in org.gaul S3Proxy
- Details
-
org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Database specific
{ "cwe_ids": [ "CWE-22" ] }- References
Affected packages
Git / github.com/apache/jclouds
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/jclouds
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
jclouds-1.*
jclouds-1.6.0-alpha.1
jclouds-1.6.0-alpha.2
jclouds-1.6.0-alpha.4
jclouds-1.9.0
jclouds-1.9.0-rc2
rel/jclouds-2.*
rel/jclouds-2.0.0
rel/jclouds-2.0.0-rc3
rel/jclouds-2.1.0
rel/jclouds-2.1.0-rc3
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"id": "CVE-2025-24961-2b2e9751",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"length": 297.0,
"function_hash": "125037986075280878767574516804789987634"
},
"deprecated": false,
"target": {
"function": "validate",
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-375f2951",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"threshold": 0.9,
"line_hashes": [
"20069896787609228485977222211093440731",
"62371250332533914505006827101602181105",
"240300076344385683527240250032668309018"
]
},
"deprecated": false,
"target": {
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemBlobKeyValidatorImpl.java"
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-39f534a3",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"length": 643.0,
"function_hash": "67762052579734638577474773291296400274"
},
"deprecated": false,
"target": {
"function": "setBlobAccess",
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-6e052c09",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"length": 605.0,
"function_hash": "19473607715162460872740041224788012252"
},
"deprecated": false,
"target": {
"function": "getContainerAccess",
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-73dd40db",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"length": 743.0,
"function_hash": "286968069799360268862141978955574225926"
},
"deprecated": false,
"target": {
"function": "getBlobAccess",
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-97c4e0a9",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"length": 3460.0,
"function_hash": "75805626180805180172202597448144699799"
},
"deprecated": false,
"target": {
"function": "getBlob",
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-9be4c3b0",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"length": 306.0,
"function_hash": "250535324545173049656043489211293678162"
},
"deprecated": false,
"target": {
"function": "validate",
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-c96f13c4",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"threshold": 0.9,
"line_hashes": [
"126125980402485448796146326140695003915",
"224570168591990480409201632737670047441",
"285659959648456572612365193748129775754"
]
},
"deprecated": false,
"target": {
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/predicates/validators/internal/FilesystemContainerNameValidatorImpl.java"
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-d9f2c3a8",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"threshold": 0.9,
"line_hashes": [
"280517820510689024097824445194336887208",
"30203255902698912541808272020523246101",
"142040613046567492067553862420793226348",
"126973426007487185210481810294035149874",
"245324513992746587961797861854829973340",
"104504010585023400006309866848722062519",
"114951288954325836199904617570139087345",
"301052261748996005994599213635338063250",
"235714288248837198298935600578189322672",
"36744216232531963065025813108610573473",
"322862239604969039113703932610313841072",
"135093614466465908930363233677412589691",
"292280653821993239457445542794671850305",
"25416287140116036650584491943812176514",
"164987452851581514832633053980903669931",
"230467111484523839231042036189096237840",
"300430498500291166495403003096786773443",
"255043961593155444222468768602442677698",
"114318875738460336790891770250104325888",
"149651680408205056768598205290179565718",
"294223657102792462059963930801879230483",
"227381495677402006585383556111549830100",
"326201561066977391029138156202953558883",
"27491761547388498299634878762132984810"
]
},
"deprecated": false,
"target": {
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java"
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-f4e31ce4",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"length": 621.0,
"function_hash": "246820201236669913389154704343751693929"
},
"deprecated": false,
"target": {
"function": "setContainerAccess",
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-f7f6f406",
"source": "https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3",
"digest": {
"length": 505.0,
"function_hash": "118672305951905413403379917727390757484"
},
"deprecated": false,
"target": {
"function": "getContainerMetadata",
"file": "apis/filesystem/src/main/java/org/jclouds/filesystem/strategy/internal/FilesystemStorageStrategyImpl.java"
},
"signature_type": "Function"
}
]
Git / github.com/apache/jclouds
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gaul/s3proxy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
s3proxy-1.*
s3proxy-1.0.0
s3proxy-1.1.0
s3proxy-1.2.0
s3proxy-1.3.0
s3proxy-1.5.0
s3proxy-1.5.0-prerelease
s3proxy-1.5.1
s3proxy-1.5.2
s3proxy-1.5.3
s3proxy-1.5.4
s3proxy-1.5.5
s3proxy-1.6.0
s3proxy-1.6.1
s3proxy-1.6.2
s3proxy-1.7.0
s3proxy-1.7.1
s3proxy-1.8.0
s3proxy-1.9.0
s3proxy-2.*
s3proxy-2.0.0
s3proxy-2.1.0
s3proxy-2.2.0
s3proxy-2.3.0
s3proxy-2.4.0
s3proxy-2.4.1
s3proxy-2.5.0
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"id": "CVE-2025-24961-0d124826",
"source": "https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78e7898efc063617ed171980",
"digest": {
"threshold": 0.9,
"line_hashes": [
"21229688502263514735606727843342161595",
"65612849828031610880673901199691263293",
"196763071858339886562476345374599471254"
]
},
"deprecated": false,
"target": {
"file": "src/test/java/org/gaul/s3proxy/AwsSdkTest.java"
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-3ac1f5c0",
"source": "https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78e7898efc063617ed171980",
"digest": {
"length": 305.0,
"function_hash": "37649104372284271263985405246626672800"
},
"deprecated": false,
"target": {
"function": "removeBlob",
"file": "src/main/java/org/gaul/s3proxy/nio2blob/AbstractNio2BlobStore.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-4d985be6",
"source": "https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78e7898efc063617ed171980",
"digest": {
"length": 6012.0,
"function_hash": "33950228511935049175872429163422521220"
},
"deprecated": false,
"target": {
"function": "getBlob",
"file": "src/main/java/org/gaul/s3proxy/nio2blob/AbstractNio2BlobStore.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-69855920",
"source": "https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78e7898efc063617ed171980",
"digest": {
"length": 629.0,
"function_hash": "92853780792644939022387166985358695799"
},
"deprecated": false,
"target": {
"function": "setBlobAccess",
"file": "src/main/java/org/gaul/s3proxy/nio2blob/AbstractNio2BlobStore.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-c275aead",
"source": "https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78e7898efc063617ed171980",
"digest": {
"length": 1548.0,
"function_hash": "147629936195235924088360560202661383292"
},
"deprecated": false,
"target": {
"function": "list",
"file": "src/main/java/org/gaul/s3proxy/nio2blob/AbstractNio2BlobStore.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-c91ed9c4",
"source": "https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78e7898efc063617ed171980",
"digest": {
"threshold": 0.9,
"line_hashes": [
"41087815277347753411819879610421205228",
"275855042814933013467492909438721533667",
"312804813036527476642676292194330309391",
"96738636897754905132804164816271294202",
"131096829020060187486617738340902988692",
"129133302359956553490750484558950146665",
"117734457270716812888527366278886941463",
"83488289998961277477929071883812078030",
"236626223533865729278873307190750761038",
"170542215954916925451346665794548418079",
"300799456308590080409979882777397627821",
"38656440638012592394652799956195779148",
"317216151654293636114550124181885451819",
"310858983857465187506607005788088814625",
"185727769176109565661854696127325783412",
"83495174938195041049882572672754053006",
"23414431107968208900655079730396395446",
"163307058602580085480996886660506501140",
"130881530733780496870306208541747085184",
"220190953617487047309270345180295037885",
"23414431107968208900655079730396395446",
"163307058602580085480996886660506501140",
"130881530733780496870306208541747085184",
"254173289947192452944743262721288674032",
"262668990511459673939218760000903252866",
"97272808899398788133918807529629980964"
]
},
"deprecated": false,
"target": {
"file": "src/main/java/org/gaul/s3proxy/nio2blob/AbstractNio2BlobStore.java"
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-d9c8bd81",
"source": "https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78e7898efc063617ed171980",
"digest": {
"length": 473.0,
"function_hash": "30850073682757949044954122981579722170"
},
"deprecated": false,
"target": {
"function": "getBlobAccess",
"file": "src/main/java/org/gaul/s3proxy/nio2blob/AbstractNio2BlobStore.java"
},
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2025-24961-eeea50cf",
"source": "https://github.com/gaul/s3proxy/commit/86b6ee4749aa163a78e7898efc063617ed171980",
"digest": {
"length": 2929.0,
"function_hash": "20996456641727449954408095975812358094"
},
"deprecated": false,
"target": {
"function": "putBlob",
"file": "src/main/java/org/gaul/s3proxy/nio2blob/AbstractNio2BlobStore.java"
},
"signature_type": "Function"
}
]