CVE-2025-6152 | Steel Browser up to 0.1.3 files.routes.ts handleFileUpload filename path traversal (Issue 129)

A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-6152. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.VulDB Recent EntriesRead More