Moderate severityNVD Advisory· Published Nov 17, 2025· Updated Nov 17, 2025
lsfusion platform DownloadFileRequestHandler.java DownloadFileRequestHandler path traversal
CVE-2025-13261
Description
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lsfusion.platform:web-clientMaven | <= 6.1 | — |
Affected products
2- lsfusion/platformv5Range: 6.0
Patches
Vulnerability mechanics
References
7- github.com/lsfusion/platform/issues/1543ghsaexploitissue-trackingWEB
- github.com/advisories/GHSA-5jpg-2rj5-964cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-13261ghsaADVISORY
- vuldb.comghsathird-party-advisoryWEB
- github.com/lsfusion/platform/issues/1543ghsaissue-trackingWEB
- vuldb.comghsasignaturepermissions-requiredWEB
- vuldb.comghsavdb-entrytechnical-descriptionWEB
News mentions
0No linked articles in our index yet.