CVE-2025-6152 | Steel Browser up to 0.1.3 files.routes.ts handleFileUpload filename path traversal (Issue 129)

Inserito da Angelo Barbosa | Giu 15, 2025 | CVE

A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-6152. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-6152 | Steel Browser up to 0.1.3 files.routes.ts handleFileUpload filename path traversal (Issue 129)

Post correlati

CVE-2025-22810 | CBB Team Content Blocks Builder Plugin up to 2.7.6 on WordPress cross site scripting

CVE-2024-44729 | MiroTalk app/src/server.js access control (9de226)

CVE-2024-3910 | Tenda AC500 2.0.1.9(1307) /goform/DhcpListClient fromDhcpListClient page stack-based overflow

CVE-2024-7465 | TOTOLINK CP450 4.1.0cu.747_B20191224 /cgi-bin/cstecgi.cgi loginauth http_host buffer overflow