Advisory Database
  • Advisories
  • Dependency Scanning
  1. golang
  2. ›
  3. github.com/minio/minio
  4. ›
  5. CVE-2025-27414

CVE-2025-27414: MinIO allows an SFTP authentication bypass due to improperly trusted SSH key

March 3, 2025

A bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access.

References

  • github.com/advisories/GHSA-wc79-7x8x-2p58
  • github.com/minio/minio
  • github.com/minio/minio/commit/4c71f1b4ec0fb2a473ddaac18c20ec9e63f267ec
  • github.com/minio/minio/commit/91e1487de45720753c9e9e4c02b1bd16b7e452fa
  • github.com/minio/minio/security/advisories/GHSA-wc79-7x8x-2p58
  • nvd.nist.gov/vuln/detail/CVE-2025-27414

Code Behaviors & Features

Detect and mitigate CVE-2025-27414 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions starting from 0.0.0-20240605075113-91e1487de457 before 0.0.0-20250227184332-4c71f1b4ec0f

Fixed versions

  • 0.0.0-20250227184332-4c71f1b4ec0f

Solution

Upgrade to version 0.0.0-20250227184332-4c71f1b4ec0f or above.

Weakness

  • CWE-287: Improper Authentication

Source file

go/github.com/minio/minio/CVE-2025-27414.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:16:08 +0000.