| id: GO-2025-4034 |
| modules: |
| - module: github.com/minio/minio |
| versions: |
| - fixed: 0.0.0-20251015170045-c1a49490c78e |
| summary: |- |
| MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service |
| Accounts and STS in github.com/minio/minio |
| cves: |
| - CVE-2025-62506 |
| ghsas: |
| - GHSA-jjjj-jwhf-8rgr |
| references: |
| - advisory: https://github.com/minio/minio/security/advisories/GHSA-jjjj-jwhf-8rgr |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-62506 |
| - fix: https://github.com/minio/minio/commit/c1a49490c78e9c3ebcad86ba0662319138ace190 |
| - fix: https://github.com/minio/minio/pull/21642 |
| - report: https://github.com/minio/minio/issues/21647 |
| - web: https://github.com/minio/minio/discussions/21655 |
| - web: https://news.ycombinator.com/item?id=45684035 |
| notes: |
| - fix: 'github.com/minio/minio: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version' |
| source: |
| id: GHSA-jjjj-jwhf-8rgr |
| created: 2025-10-28T17:33:46.579153394Z |
| review_status: UNREVIEWED |
