exploitDog

CVE-2025-57682

Опубликовано: 22 сент. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API

Ссылки

https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-57682
Third Party Advisory
https://github.com/mfts/papermark
Product
https://papermark.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:papermark:papermark:*:*:*:*:*:*:*:*

Версия до 0.20.0 (включая)

EPSS

Процентиль: 67%

0.00541

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-gqf3-7crj-6fmr

CVSS3: 6.5

github

5 месяцев назад

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API

EPSS

Процентиль: 67%

0.00541

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22