CVE-2025-27414: MinIO allows an SFTP authentication bypass due to improperly trusted SSH key
(updated )
A bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access.
References
- github.com/advisories/GHSA-wc79-7x8x-2p58
- github.com/minio/minio
- github.com/minio/minio/commit/4c71f1b4ec0fb2a473ddaac18c20ec9e63f267ec
- github.com/minio/minio/commit/91e1487de45720753c9e9e4c02b1bd16b7e452fa
- github.com/minio/minio/security/advisories/GHSA-wc79-7x8x-2p58
- nvd.nist.gov/vuln/detail/CVE-2025-27414
Code Behaviors & Features
Detect and mitigate CVE-2025-27414 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →