CVE-2025-27088

HIGH EPSS 36.5%
Published Feb 20, 20251y ago · Modified Jun 17, 20262w ago
8.4 CVSS 4.0
High
Find Similar
Published Feb 20, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted domain, posing a moderate risk to all users. It's possible to inject html elements, including scripts through the folder-list template. The affected template allows users to interact with the URL path provided by the `Request.URL.Path` variable, which is then rendered directly into the HTML without proper sanitization or escaping. This can be abused by attackers who craft a malicious URL containing injected HTML or JavaScript. When users visit such a URL, the malicious script will be executed in the user's context. This issue has been addressed in version 4.18.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS Details

Base Score
8.4
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
36.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 3

VendorProductVersionRange
oxyno-zetas3-proxy* <2.23.1
oxyno-zetas3-proxy* <4.18.1
oxyno-zetas3-proxy* <4.18.1

References 3

  • github.com https://github.com/oxyno-zeta/s3-proxy/blob/master/templates/folder-list.tpl#L19C21-L19C38
    Product
  • github.com https://github.com/oxyno-zeta/s3-proxy/commit/c611c741ed4872ea3f46232be23bb830f96f9564
    Patch
  • github.com https://github.com/oxyno-zeta/s3-proxy/security/advisories/GHSA-pp9m-qf39-hxjc
    ExploitVendor Advisory

Remediation

  • github.com https://github.com/oxyno-zeta/s3-proxy/commit/c611c741ed4872ea3f46232be23bb830f96f9564
    Patch