CVE-2025-13261 | lsfusion platform up to 6.1 DownloadFileRequestHandler.java DownloadFileRequestHandler Version path traversal (Issue 1543)

Inserito da Angelo Barbosa | Nov 16, 2025 | CVE

A vulnerability marked as problematic has been reported in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal.

This vulnerability is known as CVE-2025-13261. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

CVE-2025-13261 | lsfusion platform up to 6.1 DownloadFileRequestHandler.java DownloadFileRequestHandler Version path traversal (Issue 1543)

Post correlati

CVE-2024-5842 | Google Chrome prior 126.0.6478.54 Browser UI use after free (ID 400626)

CVE-2024-25393 | RT-Thread up to 5.0.2 net/at/src/at_server.c stack-based overflow (Issue 8288)

CVE-2024-11101 | 1000 Projects Beauty Parlour Management System 1.0 search-invoices.php searchdata sql injection

CVE-2024-3120 | irontec sngrep up to 1.8.0 SIP Header src/sip.c sip_validate_packet Content-Length/Warning stack-based overflow