CNNVD-202511-1939 Information

CNNVD ID

CNNVD-202511-1939

Related CVE

CVE-2025-13265

• CNNVD Published: 2025-11-17

Description (Chinese)

lsFusion是lsfusion开源的一个基于声明性开源语言的信息系统开发平台。 lsfusion 6.1及之前版本存在路径遍历漏洞，该漏洞源于对文件server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java中函数unpackFile的错误操作，可能导致路径遍历。

Description (English)

IsFusion is a platform for information system development based on the declared open-source language. Isfusion 6.1 and previous versions have path-to-path loopholes, which result from the error of the unpackFile function unpackFile in fileserver/src/main/java/lsfusion/server/physics/dev/information/external/to/file/ZipUtils.java.

Hazard Level

High

Vulnerability Type

路径遍历

Published

2025-11-17

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.332600 https://github.com/lsfusion/platform/issues/1545 https://vuldb.com/?submit.689427 https://vuldb.com/?id.332600 https://access.redhat.com/security/cve/cve-2025-13265