MinIO: Authentication Bypass in SFTP Connections Allows Unauthorized Data Access - Proactive Insights and Support For Open-Source Applications

In MinIO versions starting in RELEASE.2024-06-06T09-36-42Z and prior to
RELEASE.2025-02-28T09-55-16Z a medium severity vulnerability CVE-2025-27414 was detected. This vulnerability allows attackers to bypass authentication and gain unauthorized data access by exploiting a bug in evaluating the trust of the SSH key used in an SFTP connection. To address this issue, users should upgrade MinIO to version RELEASE.2025-02-28T09-55-16Z. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-27414.