5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-13261

GHSA ID

GHSA-5jpg-2rj5-964c

EPSS Score

0.1305%

CWE

CWE-22

Published

11/17/2025

Updated

11/17/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-13261

CVE-2025-13261: lsFusion Platform has Path Traversal vulnerability

A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-13261

CVE-2025-13261:

5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-13261

GHSA ID

GHSA-5jpg-2rj5-964c

EPSS Score

0.1305%

CWE

CWE-22

Published

11/17/2025

Updated

11/17/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
lsfusion.platform:web-client	maven	<= 6.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists in the lsfusion.http.controller.file.DownloadFileRequestHandler.handleRequest method. Based on the provided vulnerability description and the analysis of the source code, the version request parameter is used to construct a file path for file download operations. The code does not properly sanitize the version parameter, allowing an attacker to use path traversal sequences (../) to navigate the file system and access arbitrary files. The issue is exacerbated when the initial fileName extracted from the URL path is empty, making the version parameter the sole component of the file path. The FileUtils.readFile call then uses this malicious path, leading to the exposure of sensitive files.

Vulnerable functions

lsfusion.http.controller.file.DownloadFileRequestHandler.handleRequest

web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java

The `handleRequest` method in `DownloadFileRequestHandler` is vulnerable to path traversal. The method retrieves a 'version' parameter from the HTTP request. This parameter is used to construct a file path without proper sanitization. An attacker can provide a malicious 'version' parameter containing directory traversal sequences (e.g., '../') to access arbitrary files on the server's filesystem outside of the intended directory. The vulnerability is triggered when a request is made to an endpoint like `/file/static/noauth` where the filename part of the path is empty, allowing the 'version' parameter to fully control the file path.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-13261: lsFusion Platform has Path Traversal vulnerability

CVE-2025-13261:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2025-13261: lsFusion Platform has Path Traversal vulnerability

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

5.3

5.3

Basic Information

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI