VDB

CVE-2025-68671

CVE-2025-68671 PUBLISHED CVSS 6.5 MEDIUM

lakeFS is Missing Timestamp Validation in S3 Gateway Authentication

EPSS 0.02% · 4.8th percentile

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.02%
4.8th percentile

Affected Products

VendorProductVersions
lakefslakefs0, 0
treeverselakeFS< 1.75.0, < 1.75.0
github.comtreeverse/lakefs0, 0

Timeline

  • Jan 15, 2026 CVE Published
  • Jan 16, 2026 CVE Updated
  • Jan 16, 2026 EPSS Score
  • Jan 19, 2026 EPSS Score
  • Jan 22, 2026 EPSS Score
  • Jan 24, 2026 PoC Published
  • Jan 24, 2026 PoC Published
  • Jan 24, 2026 PoC Published
  • Jan 25, 2026 EPSS Score
  • Jan 28, 2026 EPSS Score
  • Jan 30, 2026 EPSS Score
  • Feb 2, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›