Directus Storage-Driver-S3 vulnerabilities
2 known vulnerabilities affecting directus/storage-driver-s3.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-30225MEDIUM≥ 9.22.0, < 12.0.12025-03-26
CVE-2025-30225 [MEDIUM] CWE-770 Directus's S3 assets become unavailable after a burst of malformed transformations
Directus's S3 assets become unavailable after a burst of malformed transformations
### Summary
When making many malformed transformation requests at once, at some point, all assets are being served as 403.
### Details
When I was investigating this issue, I have found that after a burst of malformed asset transformation requests, the amount of `sockets` held on [Agent on NodeHttpHa
ghsaosv
CVE-2025-30350MEDIUM≥ 9.22.0, < 12.0.12025-03-26
CVE-2025-30350 [MEDIUM] CWE-770 Directus's S3 assets become unavailable after a burst of HEAD requests
Directus's S3 assets become unavailable after a burst of HEAD requests
### Summary
There's some tools that use Directus to sync content and assets.
Some of those tools use HEAD method, like Shopify, to check the existence of files.
Although, when making many HEAD requests at once, at some point, all assets are being served as 403.
### Details
When I was investigating this issue, I have found
ghsaosv