CVE 9.1 CRITICAL

CVE-2025-65346_CVE-2025-65346

December 5, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.

AI Analysis

Directory Traversal vulnerability due to insufficient validation of extraction paths in the unzip/extraction functionality

Basic Information

ID CVE-2025-65346

Source mitre

Published Dec 4, 2025 at 00:00

Modified Dec 5, 2025 at 19:55

Affected Product

Vendor alexusmai

Product laravel-file-manager

Version 3.3.1 and below

Affected Versions n/a n/a n/a

CWE Classification

CWE-22

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor alexusmai

Product laravel-file-manager

Version 3.3.1 and below

References

{
    "lastseen": "",
    "description": "alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.",
    "published": "2025-12-04T00:00:00.000Z",
    "modified": "2025-12-05T19:55:59.180Z",
    "type": "cve",
    "title": "CVE-2025-65346",
    "source": "mitre",
    "references": "https://github.com/alexusmai/laravel-file-manager\nhttps://github.com/Theethat-Thamwasin/CVE-2025-65346",
    "id": "CVE-2025-65346",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "laravel-file-manager",
    "version": "3.3.1 and below",
    "vendor": "alexusmai",
    "ai_description": "Directory Traversal vulnerability due to insufficient validation of extraction paths in the unzip/extraction functionality",
    "ai_severity": "Critical",
    "ai_vendor": "alexusmai",
    "ai_product": "laravel-file-manager",
    "ai_version": "3.3.1 and below",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply