Low severityOSV Advisory· Published Dec 3, 2025· Updated Dec 5, 2025

CVE-2025-65345

Description

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
alexusmai/laravel-file-managerPackagist	<= 3.3.1	—

Affected products

Alexusmai/Laravel File ManagerOSV
Range: 1.0.0, 1.0.1, 1.0.2, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-rr44-8j7r-jg2qghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-65345ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000