SCA: security update for label-studio (GHSA-m238-fmcw-wh58)

high Tenable Cloud Security Plugin ID 420904

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage
integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint
configuration. When creating an S3 storage connection, the application allows users to specify a custom S3
endpoint URL via the s3_endpoint parameter. This endpoint URL is passed directly to the boto3 AWS SDK
without proper validation or restrictions on the protocol or destination. The vulnerability allows an
attacker to make the application send HTTP requests to arbitrary internal services by specifying them as
the S3 endpoint. When the storage sync operation is triggered, the application attempts to make S3 API
calls to the specified endpoint, effectively making HTTP requests to the target service and returning the
response in error messages. This SSRF vulnerability enables attackers to bypass network segmentation and
access internal services that should not be accessible from the external network. The vulnerability is
particularly severe because error messages from failed requests contain the full response body, allowing
data exfiltration from internal services. Version 1.16.0 contains a patch for the issue. (CVE-2025-25297)

See Also

https://github.com/advisories/GHSA-m238-fmcw-wh58

Plugin Details

Severity: High

ID: 420904

Version: Revision 1.9

Type: Local

Family: SCA Checks

Published: 2/14/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3.3

Percentile: 51.16

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2025-25297

CVSS v3

Risk Factor: High

Base Score: 7.7

Temporal Score: 6.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/14/2025

Vulnerability Publication Date: 2/14/2025

Reference Information

CVE: CVE-2025-25297

cwe: CWE-918