CVE-2025-59952 Overview
CVE-2025-59952 affects the MinIO Java SDK (minio-java), a Simple Storage Service (S3) client used to perform bucket and object operations against S3-compatible object storage. In versions prior to 8.6.0, the XML parser automatically substituted system property and environment variable references found inside XML tag values with their actual runtime values. An attacker controlling XML content processed by the SDK can extract sensitive host data including credentials, file paths, and configuration details. The maintainers fixed the issue in version 8.6.0 by registering a no-op filter on the XML serializer. This vulnerability is classified under CWE-20: Improper Input Validation.
Critical Impact
Untrusted XML processed by minio-java can trigger automatic substitution of ${...} references, leaking environment variables, system properties, and credentials into responses or logs.
Affected Products
- MinIO Java SDK (minio-java) versions prior to 8.6.0
- Java applications using io.minio:minio as an S3 client library
- Downstream services that parse XML responses from S3-compatible endpoints via the affected SDK
Discovery Timeline
- 2025-09-30 - CVE-2025-59952 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-59952
Vulnerability Analysis
The MinIO Java SDK uses the SimpleXML framework (org.simpleframework.xml) to marshal and unmarshal S3 protocol messages. SimpleXML supports template substitution syntax such as ${variable} inside XML element values. By default, the Persister resolves these references against system properties and environment variables at parse time. The SDK did not disable this behavior, so any ${PATH}, ${user.home}, ${AWS_SECRET_ACCESS_KEY}, or similar token embedded in XML content was silently replaced with the JVM's actual value. When the SDK then echoed parsed content into responses, exception messages, or logs, the resolved value leaked to the attacker or to log aggregation systems.
Root Cause
The root cause is improper input validation [CWE-20] in api/src/main/java/io/minio/Xml.java. The Persister was instantiated without a Filter, so SimpleXML applied its default SystemFilter that resolves environment variables and system properties. Untrusted XML therefore controlled which host values were dereferenced.
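The following Java program, added here as an illustration and not code from minio-java, reproduces the mechanism described above on a constructed XML payload: the default SimpleXML Persister resolves a ${user.home} token at parse time, while a Persister given a no-op Filter (the same shape as the 8.6.0 fix) leaves it untouched. The Tag class and the tokens() pre-parse check are assumptions of this example; it only requires org.simpleframework.xml (simple-xml) on the classpath.

```java
import org.simpleframework.xml.Element;
import org.simpleframework.xml.Root;
import org.simpleframework.xml.Serializer;
import org.simpleframework.xml.core.Persister;
import org.simpleframework.xml.filter.Filter;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/** Constructed stand-in for an S3 tag element; not a class from the SDK. */
@Root(name = "Tag", strict = false)
class Tag {
    @Element(name = "Key") public String key;
    @Element(name = "Value") public String value;
}

public class SubstitutionDemo {
    /** Same shape as the 8.6.0 fix: returning null leaves ${name} unresolved. */
    static final Filter NOOP = new Filter() {
        @Override public String replace(String name) { return null; }
    };
    private static final Pattern TOKEN = Pattern.compile("\\$\\{([^}]+)\\}");

    /** Proxy-layer style check: collect the names of every ${...} token. */
    static List<String> tokens(String xml) {
        List<String> names = new ArrayList<>();
        Matcher m = TOKEN.matcher(xml);
        while (m.find()) names.add(m.group(1));
        return names;
    }

    static Tag parse(Serializer s, String xml) throws Exception {
        return s.read(Tag.class, new StringReader(xml));
    }

    public static void main(String[] args) throws Exception {
        // Constructed payload: what a hostile endpoint could place in a tag value.
        String xml = "<Tag><Key>env</Key><Value>${user.home}</Value></Tag>";

        // Pre-8.6.0 behaviour: the default Persister resolves the token at parse time.
        System.out.println("default filter: " + parse(new Persister(), xml).value);

        // 8.6.0 behaviour: a no-op Filter keeps the literal token in the value.
        System.out.println("no-op filter  : " + parse(new Persister(NOOP), xml).value);

        // Reject-before-parse check from the workarounds: tokens found in the payload.
        System.out.println("tokens found  : " + tokens(xml));
    }
}
```

The first line prints the JVM's actual user.home directory, the second prints the literal string ${user.home}, and the third lists [user.home], which is the signal a proxy-layer filter would act on.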
Attack Vector
Any attacker who can return or inject XML content that a minio-java client consumes can trigger substitution. This includes malicious or compromised S3-compatible endpoints, on-path attackers intercepting unencrypted traffic, and bucket policies, tags, or object metadata containing attacker-supplied ${...} tokens. The exposed values can include API keys, JDBC URLs, file paths, and other secrets present in the JVM environment.
import org.simpleframework.xml.Serializer;
import org.simpleframework.xml.convert.AnnotationStrategy;
import org.simpleframework.xml.core.Persister;
+import org.simpleframework.xml.filter.Filter;
import org.simpleframework.xml.stream.Format;
/** XML marshaller and unmarshaller. */
public class Xml {
+ private static final Filter noopFilter =
+ new Filter() {
+ @Override
+ public String replace(String name) {
+ return null;
+ }
+ };
+
public static String marshal(Object source) throws XmlParserException {
try {
- Serializer serializer = new Persister(new AnnotationStrategy(), new Format(0));
+ Serializer serializer = new Persister(new AnnotationStrategy(), noopFilter, new Format(0));
StringWriter writer = new StringWriter();
serializer.write(source, writer);
return writer.toString();
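Review bot: the hunk only changes the Persister constructed inside marshal(); the unmarshal-side Persister is not visible in this excerpt, yet that is where untrusted XML is parsed and where the substitution described in the analysis happens, so confirm it receives the same noopFilter argument (new Persister(new AnnotationStrategy(), noopFilter, new Format(0))) or the fix is incomplete on read. A one-line comment on noopFilter saying that returning null tells SimpleXML to leave ${...} text untouched would also help, since a reader could otherwise assume null means "replace with empty string".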
Source: MinIO Java commit f7a98d0. The patch registers a noopFilter whose replace method always returns null, disabling property and environment variable resolution.
Detection Methods for CVE-2025-59952
Indicators of Compromise
- Outbound HTTP requests or log entries from Java applications containing resolved environment variable values such as AWS_SECRET_ACCESS_KEY or JAVA_HOME content where ${...} tokens were expected.
- S3 XML responses or object metadata containing ${...} substitution tokens originating from untrusted buckets or endpoints.
- Application stack traces referencing org.simpleframework.xml.core.Persister paired with values that match local host secrets.
Detection Strategies
- Inventory all Java artifacts and identify dependencies on io.minio:minio with version less than 8.6.0 using SCA tooling or mvn dependency:tree.
- Inspect application logs for parsed S3 response bodies that contain values resembling credentials, file paths, or hostnames not present in source XML.
- Capture and review XML payloads exchanged with non-trusted S3-compatible endpoints to detect crafted ${...} reference patterns.
Monitoring Recommendations
- Alert on egress traffic from application servers to unexpected S3 endpoints, which may indicate a malicious endpoint coercing XML processing.
- Monitor application logs and APM traces for substituted secret material appearing in stack traces or response bodies.
- Track dependency drift through SBOM generation to flag environments still running vulnerable minio-java versions.
How to Mitigate CVE-2025-59952
Immediate Actions Required
- Upgrade minio-java to version 8.6.0 or later in all Java applications and rebuild affected services.
- Rotate any credentials, tokens, or secrets that may have been resolved via JVM environment variables or system properties on hosts running the vulnerable SDK.
- Restrict minio-java clients to trusted S3 endpoints and validate TLS certificates to prevent injection of malicious XML responses.
Patch Information
The fix is delivered in minio-java 8.6.0. See the GitHub Security Advisory GHSA-h7rh-xfpj-hpcm, the 8.6.0 Release Notes, and the upstream commit. The patch installs a Filter whose replace(String name) returns null, instructing SimpleXML to skip property and environment variable substitution.
Workarounds
- If immediate upgrade is not possible, route minio-java traffic only to trusted, authenticated S3 endpoints and reject responses from third-party storage providers.
- Strip or reject XML payloads containing ${...} tokens at a proxy layer before they reach the Java application.
- Reduce sensitive material in JVM environment variables and system properties by sourcing secrets from external vaults at runtime instead.
# Update Maven dependency to the patched version
mvn versions:use-dep-version -Dincludes=io.minio:minio -DdepVersion=8.6.0 -DforceVersion=true
# Or update build.gradle
# implementation 'io.minio:minio:8.6.0'
# Verify resolved version
mvn dependency:tree | grep io.minio
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.