Path Traversal Vulnerability in lsfusion Platform by lsfusion
CVE-2025-13265

5.3MEDIUM

Key Information:

Vendor: Lsfusion
Status: Platform
Vendor: CVE Published:; 17 November 2025

What is CVE-2025-13265?

A security weakness has been identified in the lsfusion platform which affects versions up to 6.1. The vulnerability exists within the unpackFile function located in the ZipUtils.java file of the file server. This issue enables an attacker to exploit path traversal, potentially allowing unauthorized access to restricted files through maliciously crafted requests. The nature of the vulnerability facilitates remote exploitation, making it crucial for users to be aware of this risk and act to secure their environment.

Affected Version(s)

platform 6.0

platform 6.1

References

https://vuldb.com/?id.332600

vdb-entrytechnical-description

https://vuldb.com/?ctiid.332600

signaturepermissions-required

https://vuldb.com/?submit.689427

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Nov 16, 2025

Credit

R1ckyZ (VulDB User)

JSON