CVE-2025-54307 | Thermo Fisher Torrent Suite Django Application up to 5.18.1 ZIP File Parser zip plupload_file_upload name/filename path traversal

A vulnerability described as critical has been identified in Thermo Fisher Torrent Suite Django Application up to 5.18.1. This impacts the function plupload_file_upload of the file /configure/plugins/plugin/upload/zip/ of the component ZIP File Parser. The manipulation of the argument name/filename results in path traversal.

This vulnerability is reported as CVE-2025-54307. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More