Description

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap() failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics endpoint. This issue has been patched in version 1.0.0-alpha.78.

INFO

Published Date :

2026-01-07T20:34:25.282Z

Last Modified :

2026-01-07T21:25:33.094Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69255 vulnerability.

Vendors Products
Rustfs
  • Rustfs
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69255.

URL Resource
https://github.com/rustfs/rustfs/commit/eb33e82b56ed11fd12bb39416359d8d60737dc7a cve-icon cve-icon
https://github.com/rustfs/rustfs/security/advisories/GHSA-gw2x-q739-qhcr cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability