Is org.gaul:s3proxy affected by CVE-2025-24961?

Maven org.gaul:s3proxy is affected in <2.6.0.

Is CVE-2025-24961 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

medium

CVE-2025-24961

Q: Is CVE-2025-24961 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

Maven · org.gaul:s3proxy

Summary

S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends

Severity: medium
EPSS: 0.5% (p39)
Also known as: GHSA-2ccp-vqmv-4r4x
Published: 2025-02-03

References

https://github.com/gaul/s3proxy/security/advisories/GHSA-2ccp-vqmv-4r4x
https://nvd.nist.gov/vuln/detail/CVE-2025-24961
https://github.com/apache/jclouds/commit/b0819e0ef5e08c792a4d1724b938714ce9503aa3

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.