- Description
- A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows public write access to the 'h2o-release' bucket. This issue affects all versions and could enable an attacker to overwrite any file in the bucket. Because users download binary files such as JARs from this bucket, this vulnerability could lead to remote code execution (RCE) against any user who uses the application. Additionally, an attacker could modify the documentation to include malicious download links.
- Source
- security@huntr.dev
- NVD status
- Awaiting Analysis
CVSS 3.0
- Type
- Secondary
- Base score
- 10
- Impact score
- 5.8
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
- Severity
- CRITICAL
- security@huntr.dev
- CWE-862
- Hype score
- Not currently trending
🚨 A critical S3 misconfiguration in H2O-3 (CVE-2025-0782) exposed users to remote code execution via a publicly writable bucket. Learn how a supply chain risk went unnoticed. #CloudSecurity #RCE #S3 #DevSecOps #ThreatIntel 🔒 https://t.co/KYkzu4GVUk
@threatsbank
5 May 2025
🚨 CVE-2025-0782 ⚠️🔴 CRITICAL (10) 🏢 h2oai - h2oai/h2o-3 🏗️ unspecified 🔗 https://t.co/nLT6bi96sG 🔗 https://t.co/tvyzmygjWr #CyberCron #VulnAlert #InfoSec https://t.co/8BIosBc44U
@cybercronai
3 May 2025
[CVE-2025-0782: CRITICAL] Critical vulnerability in S3 bucket allows public write access to h2oai/h2o-3 'h2o-release' bucket. All versions affected, leading to potential remote code execution and malicious lin...#cve,CVE-2025-0782,#cybersecurity https://t.co/qyJjNhG40I https://t.
@CveFindCom
2 May 2025