lsfusion platform UploadFileRequestHandler.java UploadFileRequestHandler path traversal_CVE-2025-13262

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

Basic Information

ID CVE-2025-13262

Source VulDB

Published Nov 17, 2025 at 04:02

Affected Product

Vendor lsfusion

Product platform

Version 6.0

Affected Versions lsfusion platform 6.0
lsfusion platform 6.1

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2025-11-17T04:02:05.028Z",
    "modified": "2025-11-17T04:02:05.028Z",
    "type": "cve",
    "title": "lsfusion platform UploadFileRequestHandler.java UploadFileRequestHandler path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.332597\nhttps://vuldb.com/?ctiid.332597\nhttps://vuldb.com/?submit.689414\nhttps://github.com/lsfusion/platform/issues/1544\nhttps://github.com/lsfusion/platform/issues/1544#issue-3589610731",
    "id": "CVE-2025-13262",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "lsfusion platform 6.0\nlsfusion platform 6.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "platform",
    "version": "6.0",
    "vendor": "lsfusion",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}