Medium severity5.3OSV Advisory· Published Nov 6, 2025· Updated Apr 15, 2026
CVE-2025-64179
CVE-2025-64179
Description
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. This issue is fixed in version 1.71.0 . To workaround the vulnerability, use a load-balancer or application level firewall in order to block the request route /api/v1/usage-report/summary.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/treeverse/lakefsGo | < 1.71.0 | 1.71.0 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.