CVE-2025-13261 | lsfusion platform up to 6.1 DownloadFileRequestHandler.java DownloadFileRequestHandler Version path traversal (Issue 1543)

A vulnerability marked as problematic has been reported in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal.

This vulnerability is known as CVE-2025-13261. Remote exploitation of the attack is possible. Furthermore, an exploit is available.VulDB Recent EntriesRead More