CVE-2025-68926 – RustFS has a gRPC Hardcoded Token Authentication Bypass

CVE ID : CVE-2025-68926

Published : Dec. 30, 2025, 5:15 p.m. | 1 hour, 8 minutes ago

Description : RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.77, RustFS implements gRPC authentication using a hardcoded static token `”rustfs rpc”` that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable with no mechanism for token rotation, and universally valid across all RustFS deployments. Any attacker with network access to the gRPC port can authenticate using this publicly known token and execute privileged operations including data destruction, policy manipulation, and cluster configuration changes. Version 1.0.0-alpha.77 contains a fix for the issue.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-68926 – RustFS has a gRPC Hardcoded Token Authentication Bypass

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2025-15263 – BiggiDroid Simple PHP CMS Admin Login login.php sql injection

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2025-15354 – itsourcecode Society Management System add_admin.php sql injection

CVE-2025-69261 – WasmEdge integer wrap in MemoryInstance::getSpan()’s memory size check

CVE-2025-15353 – itsourcecode Society Management System edit_admin_query.php edit_admin_query sql injection

CVE-2025-69210 – FacturaScripts vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload