CVE-2025-13261 – lsfusion platform DownloadFileRequestHandler.java DownloadFileRequestHandler path traversal

CVE ID : CVE-2025-13261

Published : Nov. 17, 2025, 4:15 a.m. | 48 minutes ago

Description : A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…