VYPR
Moderate severityNVD Advisory· Published Nov 17, 2025· Updated Nov 17, 2025

lsfusion platform DownloadFileRequestHandler.java DownloadFileRequestHandler path traversal

CVE-2025-13261

Description

A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
lsfusion.platform:web-clientMaven
<= 6.1

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.