CVE-2025-68705
📋 TL;DR
CVE-2025-68705 is a path traversal vulnerability in RustFS's /rustfs/rpc/read_file_stream endpoint that allows attackers to read arbitrary files on the server filesystem. This affects RustFS versions 1.0.0-alpha.13 through 1.0.0-alpha.78. Organizations using vulnerable RustFS deployments for distributed object storage are at risk.
💻 Affected Systems
- RustFS
📦 What is this software?
Rustfs by Rustfs
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise via reading sensitive files like SSH keys, configuration files, or database credentials, potentially leading to lateral movement and data exfiltration.
Likely Case
Unauthorized access to sensitive stored objects, configuration files, or system files, potentially exposing credentials or proprietary data.
If Mitigated
Limited impact if proper network segmentation, file permissions, and input validation are in place, though some data exposure may still occur.
🎯 Exploit Status
Path traversal vulnerabilities typically require minimal technical skill to exploit once the endpoint is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.0-alpha.79
Vendor Advisory: https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc
Restart Required: Yes
Instructions:
1. Stop the RustFS service.
2. Update to version 1.0.0-alpha.79 or later using your package manager or by downloading from the official repository.
3. Restart the RustFS service.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to the /rustfs/rpc/read_file_stream endpoint using firewall rules or web application firewalls.
iptables -A INPUT -p tcp --dport <rustfs_port> -m string --string "/rustfs/rpc/read_file_stream" --algo bm -j DROP
Endpoint Disablement
Disable the vulnerable endpoint if it is not required for operations.
Modify RustFS configuration to remove or disable the /rustfs/rpc/read_file_stream endpoint
🧯 If You Can't Patch
- Implement strict input validation and sanitization for file path parameters in the vulnerable endpoint.
- Deploy a web application firewall (WAF) with path traversal protection rules in front of RustFS.
🔍 How to Verify
Check if Vulnerable:
Check RustFS version; if between 1.0.0-alpha.13 and 1.0.0-alpha.78, the system is vulnerable.
Check Version:
rustfs --version or check the service/process version in deployment configuration
Verify Fix Applied:
Verify version is 1.0.0-alpha.79 or later and test the endpoint with path traversal payloads to ensure they are blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in RustFS logs, especially requests to /rustfs/rpc/read_file_stream with path traversal sequences (../, ..\)
Network Indicators:
- HTTP requests to /rustfs/rpc/read_file_stream containing path traversal payloads
SIEM Query:
source="rustfs.logs" AND uri_path="/rustfs/rpc/read_file_stream" AND (uri_query="*../*" OR uri_query="*..\*")
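The SIEM query above can be reproduced offline over exported access logs; the script below is an added example, not part of the advisory or of RustFS, and goes one step further by percent-decoding the query string so encoded traversal sequences are flagged too. The log format it parses and the sample lines are assumptions constructed for the demonstration.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint named in the advisory and the two traversal markers its SIEM query matches.
ENDPOINT = "/rustfs/rpc/read_file_stream"
TRAVERSAL_MARKERS = ("../", "..\\")

# Minimal access-log pattern (source IP, request line, status). This is an assumed
# format, not RustFS's actual log layout: adapt the regex to the deployment's logs.
LOG_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def is_traversal_attempt(request_target):
    """True if a request to the vulnerable endpoint carries a traversal marker.

    Mirrors the SIEM query (exact uri_path, '../' or '..\\' in the query) but
    percent-decodes the query twice, so encoded and double-encoded variants
    that a plain substring match would miss are flagged as well.
    """
    parts = urlsplit(request_target)
    if parts.path != ENDPOINT:
        return False
    decoded = unquote(unquote(parts.query))
    return any(marker in decoded for marker in TRAVERSAL_MARKERS)


def flag_traversal_requests(log_text):
    """Return (source_ip, request_target, status) for each suspicious log line.

    A 2xx status on a flagged request means the file was actually served, so
    treat that host as potentially compromised rather than merely probed.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m["target"]):
            hits.append((m["src"], m["target"], int(m["status"])))
    return hits


# Constructed sample log lines for demonstration (not real RustFS output).
SAMPLE_LOG = """
10.0.0.5 - - [01/Jan/2026:10:00:01 +0000] "GET /rustfs/rpc/read_file_stream?file=data/obj1 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2026:10:00:02 +0000] "GET /rustfs/rpc/read_file_stream?file=../../conf/app.conf HTTP/1.1" 200 1024
10.0.0.7 - - [01/Jan/2026:10:00:03 +0000] "GET /rustfs/rpc/read_file_stream?file=..%2F..%2Fconf%2Fapp.conf HTTP/1.1" 403 0
10.0.0.9 - - [01/Jan/2026:10:00:04 +0000] "GET /rustfs/health HTTP/1.1" 200 2
10.0.0.9 - - [01/Jan/2026:10:00:05 +0000] "GET /rustfs/rpc/read_file_stream?file=..%5C..%5Cconf%5Capp.conf HTTP/1.1" 200 88
"""

if __name__ == "__main__":
    for src, target, status in flag_traversal_requests(SAMPLE_LOG):
        print(src, status, target)
```

Requests to other paths are ignored even when their query contains a traversal marker, matching the uri_path condition of the SIEM query; widen ENDPOINT to a set if other RPC endpoints are in scope.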