Description
MinIO Java SDK is a Simple Storage Service (aka S3) client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials, file paths, or system configuration details, if such references were present in XML content from untrusted sources. This is fixed in version 8.6.0.
INFO
Published Date :
2025-09-29T23:32:33.994Z
Last Modified :
2026-01-23T17:37:00.458Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2025-59952 vulnerability.
| Vendors | Products |
|---|---|
| Minio |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59952.