CVE-2025-8729 Information

Aug 09, 2025 cve

Description

A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Affected by this vulnerability is the function process_cert_files of the file backend/service/upload_service.py. The manipulation of the argument task_id leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is f1b00597e293d09452aabd4fa57f3185207350e8. It is recommended to apply a patch to fix this issue.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Reference

https://github.com/MigoXLab/LMeterX/issues/10 https://github.com/MigoXLab/LMeterX/issues/10#issue-3255375024 https://github.com/MigoXLab/LMeterX/issues/10#issuecomment-3136380379 https://vuldb.com/?ctiid.319225 https://vuldb.com/?id.319225 https://vuldb.com/?submit.621741 https://github.com/MigoXLab/LMeterX/commit/f1b00597e293d09452aabd4fa57f3185207350e8 https://github.com/MigoXLab/LMeterX/issues/10

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

6.3

CNNVD-202508-798 (Published: 2025-08-08)

Share on: