CVE-2025-6278

A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.
Configurations

No configuration.

History

23 Jun 2025, 20:16

Type Values Removed Values Added
References () https://github.com/Upsonic/Upsonic/issues/356 - () https://github.com/Upsonic/Upsonic/issues/356 -
Summary
  • (es) Se detectó una vulnerabilidad crítica en Upsonic hasta la versión 0.55.6. Esta vulnerabilidad afecta la función os.path.join del archivo markdown/server.py. La manipulación del argumento file.filename provoca un path traversal. Se ha hecho público el exploit y puede que sea utilizado.

19 Jun 2025, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-19 21:15

Updated : 2025-06-23 20:16


NVD link : CVE-2025-6278

Mitre link : CVE-2025-6278

CVE.ORG link : CVE-2025-6278


JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')