Medium severity 5.5 · NVD Advisory · Published Jun 19, 2025 · Updated Apr 29, 2026
CVE-2025-6278
Description
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| upsonic (PyPI) | < 0.56.0 | 0.56.0 |
References
- github.com/Upsonic/Upsonic/issues/356 [nvd] Exploit, WEB
- github.com/advisories/GHSA-8jf4-fcjr-68c2 [ghsa] ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-6278 [ghsa] ADVISORY
- vuldb.com [nvd] Third Party Advisory, VDB Entry, WEB
- vuldb.com [nvd] Third Party Advisory, VDB Entry, WEB
- github.com/Upsonic/Upsonic/blob/v0.55.6/src/upsonic/server/markdown/server/server.py [ghsa] WEB
- github.com/Upsonic/Upsonic/commit/a54529acc6e4bfe28f4f5c80c058144348a306b7 [ghsa] WEB
- github.com/Upsonic/Upsonic/pull/360 [ghsa] WEB
- github.com/pypa/advisory-database/tree/main/vulns/upsonic/PYSEC-2025-67.yaml [ghsa] WEB
- vuldb.com [nvd] Permissions Required, VDB Entry, WEB