CNNVD-202509-3562 Information
CNNVD ID
CNNVD-202509-3562
Related CVE
- CNNVD Published: 2025-09-22
Description (Chinese)
Papermark是Marc Seitz个人开发者的一个文档分析软件。 Papermark 0.20.0及之前版本存在安全漏洞,该漏洞源于通过POST /api/file/s3/get-presigned-get-url-proxy API未正确限制访问,可能导致经过身份验证的攻击者从S3存储桶中检索任意文件。
Description (English)
PaperSmart is a document analysis software for Marc Seitz personal developers. There is a security loophole in PaperSmart 0.20.0 and previous versions, which stems from incorrect access restrictions through POST /api/file/s3/get-presented-get-url-proxy API, which may lead to the search of any document from the S3 storage tank by the identified assailant.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-09-22
Last Modified
2026-02-24
References
https://github.com/mfts/papermark https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-57682 https://papermark.com/ https://access.redhat.com/security/cve/cve-2025-57682
Patch
https://github.com/mfts/papermark/releases
Share on: