CVE-2025-13262 MEDIUM

CVE-2025-13262: lsfusion platform UploadFileRequestHandler.java UploadFileRequestHandler path traversal

Vendor Lsfusion

Product platform

Weakness CWE-22 · Path traversal

Published November 17, 2025

Last update November 17, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

Key dates

Disclosure timeline

November 17, 2025 CVE published

November 17, 2025 Record updated

Identifiers

CVE CVE-2025-13262

CWE CWE-22

CVSS 6.9 / MEDIUM

Affected versions

Vendor Lsfusion

Product platform

Affected 6.0

Vendor Lsfusion

Product platform

Affected 6.1