High severity7.3NVD Advisory· Published Nov 17, 2025· Updated Apr 29, 2026
CVE-2025-13262
CVE-2025-13262
Description
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lsfusion.platform:web-clientMaven | <= 6.1 | — |
Affected products
2Patches
Vulnerability mechanics
References
7- github.com/lsfusion/platform/issues/1544nvdExploitIssue TrackingVendor AdvisoryWEB
- github.com/lsfusion/platform/issues/1544nvdExploitIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-gwwr-j923-vq7rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-13262ghsaADVISORY
- vuldb.comnvdThird Party AdvisoryVDB EntryWEB
- vuldb.comnvdThird Party AdvisoryVDB EntryWEB
- vuldb.comnvdPermissions RequiredVDB EntryWEB
News mentions
0No linked articles in our index yet.