FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS

Affected packages
minio < RELEASE.2025-10-15T17-29-55Z

Details

VuXML ID 511f5aac-ab46-11f0-9446-f02f7497ecda
Discovery 2025-10-17
Entry 2025-10-17

mino reports:

A privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same user.

[source]

References

CVE Name CVE-2025-62506
URL https://nvd.nist.gov/vuln/detail/CVE-2025-62506

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.