CVE-2025-68671

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request (e.g., through network interception, logs, or compromised systems) can replay that request until credentials are rotated, even after the request is intended to expire. This vulnerability is fixed in 1.75.0.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/treeverse/lakeFS/commit/92966ae611d7f1a2bbe7fd56f9568c975aab2bd8	Patch
https://github.com/treeverse/lakeFS/issues/9599	Issue Tracking Exploit
https://github.com/treeverse/lakeFS/security/advisories/GHSA-f2ph-gc9m-q55f	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lakefs:lakefs:*:*:*:*:*:*:*:*

History

25 Feb 2026, 15:03

Type	Values Removed	Values Added
CPE		cpe:2.3:a:lakefs:lakefs::::::::
First Time		Lakefs Lakefs lakefs
References	~~() https://github.com/treeverse/lakeFS/commit/92966ae611d7f1a2bbe7fd56f9568c975aab2bd8 -~~	() https://github.com/treeverse/lakeFS/commit/92966ae611d7f1a2bbe7fd56f9568c975aab2bd8 - Patch
References	~~() https://github.com/treeverse/lakeFS/issues/9599 -~~	() https://github.com/treeverse/lakeFS/issues/9599 - Issue Tracking, Exploit
References	~~() https://github.com/treeverse/lakeFS/security/advisories/GHSA-f2ph-gc9m-q55f -~~	() https://github.com/treeverse/lakeFS/security/advisories/GHSA-f2ph-gc9m-q55f - Vendor Advisory

15 Jan 2026, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-15 23:15

Updated : 2026-02-25 15:03

NVD link : CVE-2025-68671

Mitre link : CVE-2025-68671

CVE.ORG link : CVE-2025-68671

JSON object : View

Products Affected

lakefs

lakefs

CWE

CWE-294

Authentication Bypass by Capture-replay

{"id": "CVE-2025-68671", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}]}, "published": "2026-01-15T23:15:49.573", "references": [{"url": "https://github.com/treeverse/lakeFS/commit/92966ae611d7f1a2bbe7fd56f9568c975aab2bd8", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/treeverse/lakeFS/issues/9599", "tags": ["Issue Tracking", "Exploit"], "source": "security-advisories@github.com"}, {"url": "https://github.com/treeverse/lakeFS/security/advisories/GHSA-f2ph-gc9m-q55f", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-294"}]}], "descriptions": [{"lang": "en", "value": "lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request (e.g., through network interception, logs, or compromised systems) can replay that request until credentials are rotated, even after the request is intended to expire. This vulnerability is fixed in 1.75.0."}], "lastModified": "2026-02-25T15:03:23.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lakefs:lakefs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A4347A4-1048-4A23-AE88-001ABB5657BF", "versionEndExcluding": "1.75.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}