Back to overview

CVE-2025-45870

Description
LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to Local File Inclusion (LFI) in the OnlyOfficeEditor servlet class, allowing authenticated user to exploit path traversal flaws in the fileExt parameter, enabling unauthorized access to sensitive files outside the designated directories.

Metadata

CVE ID
CVE-2025-45870
State
PUBLISHED
Assigner
mitre
Reserved
2025-04-22 00:00 UTC
Published
2026-07-16 00:00 UTC
Last updated
2026-07-16 16:26 UTC
Vendor / Product
n/a / n/a
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
n/a n/a n/a
Weakness (CWE)
CWESourceDescription
cna n/a
Back to overview