CVE-2025-25297: 
Python vulnerability analysis and mitigation

Label Studio, an open source data labeling tool, disclosed a Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-25297) in its S3 storage integration feature prior to version 1.16.0. The vulnerability was discovered in the endpoint configuration where users could specify a custom S3 endpoint URL via the s3_endpoint parameter. This parameter was passed directly to the boto3 AWS SDK without proper validation or restrictions on the protocol or destination (GitHub Advisory).

The vulnerability exists in the S3 storage integration's endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL that is passed to the boto3 AWS SDK without proper validation. The CVSS v3.1 score is 8.6 (High) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, indicating network attack vector, low complexity, no privileges required, and no user interaction needed (GitHub Advisory, NVD).

The vulnerability enables attackers to bypass network segmentation and access internal services that should not be accessible from the external network. When the storage sync operation is triggered, the application attempts to make S3 API calls to the specified endpoint, effectively making HTTP requests to the target service. The vulnerability is particularly severe because error messages from failed requests contain the full response body, allowing data exfiltration from internal services (GitHub Advisory).

The vulnerability has been patched in Label Studio version 1.16.0. The fix includes implementing strict validation of S3 endpoint URLs to allow only valid S3 service endpoints, adding an allowlist of endpoint domains and protocols, and sanitizing error messages to prevent leakage of sensitive information from failed requests. Users are advised to upgrade to version 1.16.0 or later (GitHub Advisory).