Platform: rust
Component: rustfs
Fixed in: 1.0.1, 1.0.0-alpha.78
CVE-2025-68926 describes a critical authentication bypass vulnerability in RustFS. This flaw allows attackers with network access to execute privileged operations due to a hardcoded, publicly exposed authentication token. The vulnerability affects versions prior to 1.0.0-alpha.78 and has been resolved in the updated version. Immediate action is recommended to mitigate potential risks.
The impact of CVE-2025-68926 is severe. Because the authentication token is hardcoded and publicly visible in the RustFS source code, any attacker who can reach the gRPC port can authenticate simply by presenting that token; no per-deployment credential is needed. This grants privileged access, enabling actions such as data destruction, policy manipulation, and cluster configuration changes. The token can be neither rotated nor configured in affected versions, so the same value is valid against every RustFS deployment, which turns a single source-code leak into a universal credential. This vulnerability presents a significant risk to data integrity and system availability.
CVE-2025-68926 is currently not listed on the CISA KEV catalog. Its EPSS score is 10.61%, placing it in the 93rd percentile, which reflects the ease of exploitation (a publicly available token) and the potential for significant impact. Public proof-of-concept exploits are likely to emerge given the simplicity of the attack vector. The vulnerability was published on 2025-12-30.
Exploit Status: (no value given)
EPSS: 10.61% (93rd percentile)
CISA SSVC: (no value given)
CVSS Vector: (no value given)
The primary mitigation for CVE-2025-68926 is to upgrade RustFS to version 1.0.0-alpha.78 or later, which removes the hardcoded token. If an immediate upgrade is not feasible, restrict access to the gRPC port with network segmentation or host firewall rules so that only trusted cluster nodes can reach it. A WAF or proxy cannot fix the hardcoded token, but it can add a layer of monitoring for unexpected gRPC clients. There are no configuration workarounds short of upgrading, because the token is neither configurable nor rotatable in affected versions. After upgrading, confirm the fix by attempting to authenticate with the original token; it should be rejected.
Update RustFS to version 1.0.0-alpha.78 or later. This version fixes the hardcoded-token authentication vulnerability. The update removes the static token and requires a more secure authentication configuration; when you supply that configuration, generate a unique, random token per deployment and provide it through the environment or a secrets store rather than committing it to source control.
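The following Rust program is an added example written for this page; it is not RustFS code and does not use the real token or gRPC plumbing. It contrasts the bug class behind CVE-2025-68926 (a token compiled into the binary and compared against request metadata) with the hardened shape the fix moves toward: a per-deployment secret injected from configuration, validated at startup, and compared in constant time. The `authorization` metadata key, the placeholder token string, and the simplified metadata map are all assumptions made for illustration; the post-upgrade check described above (the old token must be rejected) is what the `main` function exercises.

```rust
use std::collections::HashMap;

/// Constructed placeholder standing in for a token baked into a binary.
/// It is NOT the real RustFS value; any constant like this is the bug class.
const HARDCODED_TOKEN: &str = "example-static-token-do-not-use-0000";

/// Minimum length accepted for an operator-supplied token (assumed policy).
const MIN_TOKEN_LEN: usize = 32;

/// Simplified stand-in for incoming gRPC request metadata (assumption:
/// the token travels in an `authorization` metadata entry).
pub type Metadata<'a> = HashMap<&'a str, &'a str>;

/// Build request metadata carrying the given bearer token.
pub fn request_with(token: &str) -> Metadata<'_> {
    let mut md = HashMap::new();
    md.insert("authorization", token);
    md
}

/// Vulnerable pattern: the server accepts one token that ships in the
/// source and the binary, so everyone who can read either has it.
pub fn authorize_hardcoded(md: &Metadata) -> bool {
    md.get("authorization").copied() == Some(HARDCODED_TOKEN)
}

/// Hardened pattern: the secret comes from deployment configuration,
/// is checked at startup, and is compared without timing leaks.
pub struct TokenAuth {
    secret: Vec<u8>,
}

impl TokenAuth {
    /// Construct from a configured secret (for example an environment
    /// variable or secrets-store value). Refuses to start with a short
    /// token or with the known public default.
    pub fn from_config(secret: &str) -> Result<Self, String> {
        if secret.len() < MIN_TOKEN_LEN {
            return Err(format!("token must be at least {MIN_TOKEN_LEN} bytes"));
        }
        if secret == HARDCODED_TOKEN {
            return Err("refusing to run with the publicly known default token".into());
        }
        Ok(Self { secret: secret.as_bytes().to_vec() })
    }

    /// Constant-time byte comparison: every byte is visited regardless of
    /// where the first mismatch is, so a remote caller cannot recover the
    /// token one byte at a time from response timing. Only the length is
    /// leaked, which is acceptable for a fixed-length random secret.
    fn ct_eq(a: &[u8], b: &[u8]) -> bool {
        if a.len() != b.len() {
            return false;
        }
        let mut diff = 0u8;
        for (x, y) in a.iter().zip(b) {
            diff |= x ^ y;
        }
        diff == 0
    }

    /// Accept the request only if it carries the configured secret.
    pub fn authorize(&self, md: &Metadata) -> bool {
        match md.get("authorization") {
            Some(presented) => Self::ct_eq(presented.as_bytes(), &self.secret),
            None => false,
        }
    }
}

fn main() {
    // Constructed per-deployment secret; in practice generate it randomly.
    let configured = "a-unique-32-byte-or-longer-operator-secret-value";
    let auth = TokenAuth::from_config(configured).expect("valid token config");

    let old_token_request = request_with(HARDCODED_TOKEN);
    println!(
        "vulnerable server accepts public token: {}",
        authorize_hardcoded(&old_token_request)
    );
    // Post-upgrade check from the advisory: the old token must be rejected.
    println!(
        "hardened server accepts public token:   {}",
        auth.authorize(&old_token_request)
    );
    println!(
        "hardened server accepts configured one: {}",
        auth.authorize(&request_with(configured))
    );
}
```

The startup refusal in `from_config` is the part worth copying: a service that can boot with an empty or well-known token will eventually be deployed that way, so fail closed before the listener opens.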
CVE-2025-68926 is a critical vulnerability in RustFS where a hardcoded, publicly exposed token allows attackers to bypass authentication and gain privileged access.
If you are running RustFS versions prior to 1.0.0-alpha.78, you are affected by this vulnerability. Assess your deployments immediately.
Upgrade RustFS to version 1.0.0-alpha.78 or later to resolve the authentication bypass vulnerability. This is the recommended and primary mitigation.
While there is no confirmed active exploitation at this time, the ease of exploitation suggests it is likely to be targeted soon. Monitor your systems closely.
Refer to the official RustFS project repository and release notes for the advisory and detailed information regarding the fix.