CVE-2019-25258 - LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vul...

CVE ID : CVE-2019-25258 Published : Dec. 24, 2025, 8:15 p.m. | 1 hour, 29 minutes ago Description : LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Telegram CVE Monitor