Vulnerability Description
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lsfusion | Lsfusion Platform | <= 6.1 |
Related Weaknesses (CWE)
References
- https://github.com/lsfusion/platform/issues/1544ExploitIssue TrackingVendor Advisory
- https://github.com/lsfusion/platform/issues/1544#issue-3589610731ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.332597Permissions RequiredVDB Entry
- https://vuldb.com/?id.332597Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.689414Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-13262?
CVE-2025-13262 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/contr...
How severe is CVE-2025-13262?
CVE-2025-13262 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-13262?
Check the references section above for vendor advisories and patch information. Affected products include: Lsfusion Lsfusion Platform.