CVE-2025-13262 · CRITICAL 9.8 · EPSS p39.6%

Description

A vulnerability was identified in lsfusion platform up to 6.1. It affects the function UploadFileRequestHandler in the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Manipulating the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be used.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% probability of exploitation · percentile 39.6% · 2026-06-19T12:03:05Z
Published: 2025-11-17
Last modified: 2026-04-29

Underlying weaknesses · 1

CWE-22

References

  1. https://github.com/lsfusion/platform/issues/1544
  2. https://github.com/lsfusion/platform/issues/1544#issue-3589610731
  3. https://vuldb.com/?ctiid.332597
  4. https://vuldb.com/?id.332597
  5. https://vuldb.com/?submit.689414

Type: Weakness
Target: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-13265
CVE-2025-27224
CVE-2025-3381
CVE-2025-6152
CVE-2025-59793
CVE-2026-36762

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.