Lsfusion Platform vulnerabilities
3 known vulnerabilities affecting lsfusion/lsfusion_platform.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-13262P2CRITICALCVSS 9.8≤ 6.12025-11-17
CVE-2025-13262 [CRITICAL] CWE-22 CVE-2025-13262: A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely.
nvd
CVE-2025-13265P3CRITICALCVSS 9.1≤ 6.12025-11-17
CVE-2025-13265 [CRITICAL] CWE-22 CVE-2025-13265: A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the functi
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
nvd
CVE-2025-13261P3MEDIUMCVSS 5.3≤ 6.12025-11-17
CVE-2025-13261 [MEDIUM] CWE-22 CVE-2025-13261: A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileReque
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been
nvd