CVE-2025-6773 | HKUDS LightRAG up to 1.3.8 File Upload document_routes.py upload_to_input_dir file.filename path traversal (Issue 1692)

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path traversal.

This vulnerability is known as CVE-2025-6773. It is possible to launch the attack on the local host. There is no exploit available.

It is recommended to apply a patch to fix this issue.VulDB Recent EntriesRead More