Sync In · Sync In · CVE-2025-56869
**Name of the Vulnerable Software and Affected Versions**
Sync In versions through 1.1.1
**Description**
A directory traversal issue exists in Sync In server. Authenticated attackers can achieve read and write access to the system through the `FilesManager.saveMultipart` function located in `backend/src/applications/files/services/files-manager.service.ts`, and the `FilesManager.compress` function also in `backend/src/applications/files/services/files-manager.service.ts`.
**Recommendations**
Update versions prior to 1.1.2.