Home > Vulnerability Database > CVE-2025-31489

Mend.io Vulnerability Database

CVE-2025-31489

Good to know:

Date: April 3, 2025

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket. Prior knowledge of access-key, and bucket name this user might have access to - and an access-key with a WRITE permissions is necessary. However with relevant information in place, uploading random objects to buckets is trivial and easy via curl. This issue is fixed in RELEASE.2025-04-03T14-56-28Z.

Severity Score

7.5

Related Resources (6)

Url: https://github.com/minio/minio/security/advisories/GHSA-wg47-6jq2-q2hh

Url: https://github.com/minio/minio

Url: https://github.com/minio/minio/commit/8c70975283f9f4ce80f331a25c7475a36279e519

Url: https://github.com/minio/minio/pull/21103

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-31489

Url: https://www.mend.io/vulnerability-database/CVE-2025-31489

Severity Score

7.5

Weakness Type (CWE)

Improper Verification of Cryptographic Signature

CWE-347

Top Fix

Upgrade Version

Upgrade to version github.com/minio/minio - v0.0.0-20250403145552-8c70975283f9;https://github.com/minio/minio.git - RELEASE.2025-04-03T14-56-28Z

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-31489

Good to know:

Date: April 3, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?