CVE-2025-30225
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Mar 26, 2025
Updated: Mar 27, 2025
CWE ID 770
Summary
CVE-2025-30225 affects Directus, a real-time API and dashboard for managing SQL database content. The `@directus/storage-driver-s3` package, as used in Directus versions prior to 11.5.0, can be pushed into a state of asset unavailability: a burst of malformed transformation requests makes all assets unavailable, which is a denial of service for every Directus policy, including Admin and Public. The issue is resolved in version 12.0.1 of the `@directus/storage-driver-s3` package and version 11.5.0 of Directus.
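To check whether a deployment still resolves an affected release, the following added example (not code from the advisory or the Directus project) walks the `packages` map of a parsed npm `package-lock.json` and flags copies of either package below the fixed versions given above, including nested copies. The sample lockfile and its version pairing are constructed for illustration, and the function names are hypothetical.

```javascript
// Fixed versions as stated in the summary above.
const FIXED = new Map([
  ["directus", "11.5.0"],
  ["@directus/storage-driver-s3", "12.0.1"],
]);

// Split "1.2.3-rc.1+build" into a numeric core and a prerelease flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v).trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Returns true/false when comparable, null when a version cannot be parsed.
// A prerelease of the fixed version sorts before it, so it counts as affected.
function isBefore(version, fixed) {
  const a = parseVersion(version), b = parseVersion(fixed);
  if (!a || !b) return null;
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i];
  }
  return a.pre && !b.pre;
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3).
function findAffected(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project or workspace entry
    const name = path.slice(idx + "node_modules/".length);
    if (!FIXED.has(name)) continue;
    const before = isBefore(entry.version, FIXED.get(name));
    if (before === false) continue; // at or past the fixed version
    findings.push({ name, path, version: entry.version, fixed: FIXED.get(name),
      status: before === null ? "unknown" : "affected" });
  }
  return findings;
}

// Constructed sample lockfile (not a real dependency tree).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "cms", version: "1.0.0" },
  "node_modules/directus": { version: "11.4.1" },
  "node_modules/directus/node_modules/@directus/storage-driver-s3": { version: "12.0.0" },
  "node_modules/@directus/storage-driver-s3": { version: "12.0.1" },
} };
console.log(findAffected(SAMPLE_LOCK));
```

Entries reported with status "unknown" (for example linked packages without a version) need manual review rather than being treated as fixed.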