Path Traversal Vulnerability in Steel Browser Affects Remote Access Functionality
CVE-2025-6152

5.3MEDIUM

Key Information:

Vendor

Steel

Status
Browser
Vendor
CVE Published:
17 June 2025

What is CVE-2025-6152?

A path traversal vulnerability has been identified in Steel Browser versions up to 0.1.3, specifically in the handleFileUpload function of the file API. This flaw allows an attacker to manipulate the filename argument, potentially leading to unauthorized access to the file system. This vulnerability can be exploited remotely, making it essential for users to apply the recommended patch (7ba93a10000fb77ee01731478ef40551a27bd5b9) to safeguard their systems. Prompt action is advised to mitigate the risks associated with this vulnerability.

Affected Version(s)

Browser 0.1.0

Browser 0.1.1

Browser 0.1.2

References

https://vuldb.com/?id.312627
vdb-entrytechnical-description
https://vuldb.com/?ctiid.312627
signaturepermissions-required
https://vuldb.com/?submit.593060
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.
CVE-2025-6152 : Path Traversal Vulnerability in Steel Browser Affects Remote Access Functionality