CVE-2025-6773 | HKUDS LightRAG up to 1.3.8 File Upload document_routes.py upload_to_input_dir file.filename path traversal (Issue 1692)

Inserito da Angelo Barbosa | Giu 27, 2025 | CVE

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path traversal.

This vulnerability is known as CVE-2025-6773. It is possible to launch the attack on the local host. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-6773 | HKUDS LightRAG up to 1.3.8 File Upload document_routes.py upload_to_input_dir file.filename path traversal (Issue 1692)

Post correlati

CVE-2024-5741 | Checkmk up to 2.1.0p44/2.2.0p27/2.3.0p6 Inventory Tree Renderer cross site scripting

CVE-2024-11246 | code-projects Farmacia 1.0 /adicionar-cliente.php nome/cpf/dataNascimento cross site scripting

CVE-2021-47214 | Linux Kernel up to /5.15.4 userfaultfd hugetlb_mcopy_atomic_pte Privilege Escalation (b5069d44e2fb/cc30042df6fc)

CVE-2024-9551 | D-Link DIR-605L 2.13B01 BETA /goform/formSetWanL2TP webpage buffer overflow