CVE-2025-13265 – lsfusion platform ZipUtils.java unpackFile path traversal

CVE ID : CVE-2025-13265

Published : Nov. 17, 2025, 6:15 a.m. | 48 minutes ago

Description : A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…