CVE-2025-31489
MinIO is a high-performance object store released under the GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which means that a client can use any arbitrary secret to upload objects, provided the user already has WRITE permissions on the bucket. Exploitation requires prior knowledge of an access key with WRITE permissions and of a bucket name that this user might have access to. With that information in place, however, uploading random objects to buckets is trivial via curl. This issue is fixed in RELEASE.2025-04-03T14-56-28Z.
EPSS 1.39% · 80.7th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | minio | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-31489 (circl-sighting)
- CIRCL confirmed: CVE-2025-31489 (circl-sighting)
- https://github.com/minio/minio/security/advisories/GHSA-wg47-6jq2-q2hh (circl)
…and 15 more exploits
Timeline
- Apr 3, 2025 CVE Published
- Apr 3, 2025 PoC Published
- Apr 3, 2025 PoC Published
- Apr 3, 2025 PoC Published
- Apr 3, 2025 PoC Published
- Apr 4, 2025 EPSS Score
- Apr 8, 2025 PoC Published
- Apr 10, 2025 PoC Published
- Apr 10, 2025 PoC Published
- Apr 11, 2025 EPSS Score
- Apr 11, 2025 PoC Published
- Apr 17, 2025 EPSS Score