CVE-2019-25258 – LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities

CVE ID : CVE-2019-25258

Published : Dec. 24, 2025, 7:28 p.m. | 53 minutes ago

Description : LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified ‘suffix’ and ‘fileVersion’ parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-68920 – C-Kermit Remote File Overwrite/Vulnerable File Retrieval

CVE-2025-8769 – MegaSys Computer Technologies Telenium Online Web Application Improper Input Validation

CVE-2025-68919 – Fujitsu Fsas Technologies ETERNUS SF ACM/SC/Express Management Software Authentication Bypass

CVE-2025-68917 – ONLYOFFICE Docs Cross-Site Scripting Vulnerability