9.8

CVE-2025-68926

Exploit
RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token `"rustfs rpc"` that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable with no mechanism for token rotation, and universally valid across all RustFS deployments. Any attacker with network access to the gRPC port can authenticate using this publicly known token and execute privileged operations including data destruction, policy manipulation, and cluster configuration changes. Version 1.0.0-alpha.78 contains a fix for the issue.
Data provided by the National Vulnerability Database (NVD)
Vendor Product Version Update SwPlatform
Rustfs Rustfs 1.0.0 alpha1 rust
Rustfs Rustfs 1.0.0 alpha10 rust
Rustfs Rustfs 1.0.0 alpha11 rust
Rustfs Rustfs 1.0.0 alpha12 rust
Rustfs Rustfs 1.0.0 alpha13 rust
Rustfs Rustfs 1.0.0 alpha14 rust
Rustfs Rustfs 1.0.0 alpha15 rust
Rustfs Rustfs 1.0.0 alpha16 rust
Rustfs Rustfs 1.0.0 alpha17 rust
Rustfs Rustfs 1.0.0 alpha18 rust
Rustfs Rustfs 1.0.0 alpha19 rust
Rustfs Rustfs 1.0.0 alpha2 rust
Rustfs Rustfs 1.0.0 alpha20 rust
Rustfs Rustfs 1.0.0 alpha21 rust
Rustfs Rustfs 1.0.0 alpha22 rust
Rustfs Rustfs 1.0.0 alpha23 rust
Rustfs Rustfs 1.0.0 alpha24 rust
Rustfs Rustfs 1.0.0 alpha25 rust
Rustfs Rustfs 1.0.0 alpha26 rust
Rustfs Rustfs 1.0.0 alpha27 rust
Rustfs Rustfs 1.0.0 alpha28 rust
Rustfs Rustfs 1.0.0 alpha29 rust
Rustfs Rustfs 1.0.0 alpha3 rust
Rustfs Rustfs 1.0.0 alpha30 rust
Rustfs Rustfs 1.0.0 alpha31 rust
Rustfs Rustfs 1.0.0 alpha32 rust
Rustfs Rustfs 1.0.0 alpha33 rust
Rustfs Rustfs 1.0.0 alpha34 rust
Rustfs Rustfs 1.0.0 alpha35 rust
Rustfs Rustfs 1.0.0 alpha36 rust
Rustfs Rustfs 1.0.0 alpha37 rust
Rustfs Rustfs 1.0.0 alpha38 rust
Rustfs Rustfs 1.0.0 alpha39 rust
Rustfs Rustfs 1.0.0 alpha4 rust
Rustfs Rustfs 1.0.0 alpha40 rust
Rustfs Rustfs 1.0.0 alpha41 rust
Rustfs Rustfs 1.0.0 alpha42 rust
Rustfs Rustfs 1.0.0 alpha43 rust
Rustfs Rustfs 1.0.0 alpha44 rust
Rustfs Rustfs 1.0.0 alpha45 rust
Rustfs Rustfs 1.0.0 alpha46 rust
Rustfs Rustfs 1.0.0 alpha47 rust
Rustfs Rustfs 1.0.0 alpha48 rust
Rustfs Rustfs 1.0.0 alpha49 rust
Rustfs Rustfs 1.0.0 alpha5 rust
Rustfs Rustfs 1.0.0 alpha50 rust
Rustfs Rustfs 1.0.0 alpha51 rust
Rustfs Rustfs 1.0.0 alpha52 rust
Rustfs Rustfs 1.0.0 alpha53 rust
Rustfs Rustfs 1.0.0 alpha54 rust
Rustfs Rustfs 1.0.0 alpha55 rust
Rustfs Rustfs 1.0.0 alpha56 rust
Rustfs Rustfs 1.0.0 alpha57 rust
Rustfs Rustfs 1.0.0 alpha58 rust
Rustfs Rustfs 1.0.0 alpha59 rust
Rustfs Rustfs 1.0.0 alpha6 rust
Rustfs Rustfs 1.0.0 alpha60 rust
Rustfs Rustfs 1.0.0 alpha61 rust
Rustfs Rustfs 1.0.0 alpha62 rust
Rustfs Rustfs 1.0.0 alpha63 rust
Rustfs Rustfs 1.0.0 alpha64 rust
Rustfs Rustfs 1.0.0 alpha65 rust
Rustfs Rustfs 1.0.0 alpha66 rust
Rustfs Rustfs 1.0.0 alpha67 rust
Rustfs Rustfs 1.0.0 alpha68 rust
Rustfs Rustfs 1.0.0 alpha69 rust
Rustfs Rustfs 1.0.0 alpha7 rust
Rustfs Rustfs 1.0.0 alpha70 rust
Rustfs Rustfs 1.0.0 alpha71 rust
Rustfs Rustfs 1.0.0 alpha72 rust
Rustfs Rustfs 1.0.0 alpha73 rust
Rustfs Rustfs 1.0.0 alpha74 rust
Rustfs Rustfs 1.0.0 alpha75 rust
Rustfs Rustfs 1.0.0 alpha76 rust
Rustfs Rustfs 1.0.0 alpha77 rust
Rustfs Rustfs 1.0.0 alpha8 rust
Rustfs Rustfs 1.0.0 alpha9 rust
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 7.21% 0.914
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 9.8 3.9 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.