PT-2025-26240 · Upsonic · Upsonic

7Resp4Ss · Published 2025-06-19 · Updated 2025-06-20 · CVE-2025-6278

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Upsonic versions up to 0.55.6

Description

A critical vulnerability was found in Upsonic, affecting the os.path.join function in the markdown/server.py file. The manipulation of the file.filename argument leads to path traversal. The exploit has been disclosed to the public and may be used.

Recommendations

For versions up to 0.55.6, consider restricting access to the os.path.join function in the markdown/server.py file to minimize the risk of exploitation. As a temporary workaround, avoid using the file.filename argument in the affected function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
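
The pattern named in the description, shown beside a hardened form. This is an added example, not Upsonic's code and not taken from markdown/server.py; the function names, the upload directory and the sample filenames are constructed for illustration.

```python
import os

def naive_upload_path(upload_dir: str, filename: str) -> str:
    """Vulnerable pattern: the client-supplied name is joined verbatim."""
    return os.path.join(upload_dir, filename)

def escapes(upload_dir: str, path: str) -> bool:
    """True if path resolves to a location outside upload_dir."""
    base = os.path.realpath(upload_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base

def safe_upload_path(upload_dir: str, filename: str) -> str:
    """Return a path inside upload_dir for filename, or raise ValueError."""
    # Reject empty names, NUL bytes, dot entries and any separator. The
    # backslash is checked too, so the rule does not depend on the server OS.
    if (not filename or "\x00" in filename or filename in (".", "..")
            or "/" in filename or "\\" in filename):
        raise ValueError(f"rejected upload name: {filename!r}")
    base = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(base, filename))
    # Defence in depth: realpath() follows symlinks, so a link planted in
    # the upload directory that points elsewhere is caught here.
    if os.path.commonpath([base, target]) != base or target == base:
        raise ValueError(f"upload resolves outside {base!r}: {filename!r}")
    return target

if __name__ == "__main__":
    upload_dir = "/srv/app/uploads"  # constructed directory, need not exist
    # Constructed sample names, not taken from any real request.
    for name in ("report.md", "../outside.md", "/abs/outside.md", "..\\outside.md"):
        joined = naive_upload_path(upload_dir, name)
        try:
            verdict = "accepted as " + safe_upload_path(upload_dir, name)
        except ValueError as exc:
            verdict = str(exc)
        print(f"{name!r}: naive={joined!r} escapes={escapes(upload_dir, joined)} safe: {verdict}")
```

os.path.join discards every earlier component when a later one is absolute, which is why the absolute sample name leaves the upload directory without containing any `..` segment.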

Exploit

Path traversal


Weakness Enumeration

Related identifiers

CVE-2025-6278
GHSA-8JF4-FCJR-68C2
PYSEC-2025-67

Affected products

Upsonic