PT-2025-25609 · Unknown · Steel Browser

Rpie9O · Published 2025-06-17 · Updated 2025-07-02 · CVE-2025-6152

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Steel Browser versions up to 0.1.3

Description
A critical vulnerability was found in Steel Browser, affecting the handleFileUpload function of the file api/src/modules/files/files.routes.ts. The manipulation of the filename argument leads to path traversal. It is possible to initiate the attack remotely.

Recommendations
For Steel Browser versions up to 0.1.3, apply the patch named 7ba93a10000fb77ee01731478ef40551a27bd5b9 to fix this issue. As a temporary workaround, consider restricting access to the handleFileUpload function until the patch is applied. Avoid using the filename argument in the affected API endpoint until the issue is resolved.
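
The kind of check that closes a filename-driven path traversal in an upload handler, shown as an added example: this is not the referenced patch and not Steel Browser code. UPLOAD_ROOT, normalize, naiveTarget and safeTarget are hypothetical names, and paths are treated as POSIX-style strings.

```typescript
// Added example, not the Steel Browser patch. All names here are hypothetical.
const UPLOAD_ROOT = "/srv/uploads"; // assumed storage directory

// Collapse "." and ".." segments the way the filesystem would resolve them.
function normalize(p: string): string {
  const out: string[] = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Weak pattern: the client-supplied name is joined to the root unchanged,
// so ".." segments decide where the file ends up.
function naiveTarget(filename: string): string {
  return normalize(UPLOAD_ROOT + "/" + filename);
}

// Hardened pattern: accept only a single allowlisted path component, then
// confirm the resolved path is still under the root. Returns null on reject.
function safeTarget(filename: string): string | null {
  // Allowlist excludes "/", "\", NUL and other control characters outright.
  if (!/^[A-Za-z0-9._-]{1,255}$/.test(filename)) return null;
  // "." and ".." pass the character allowlist but are not file names.
  if (filename === "." || filename === "..") return null;
  const target = normalize(UPLOAD_ROOT + "/" + filename);
  // Defence in depth: containment check on the final resolved path.
  return target.indexOf(UPLOAD_ROOT + "/") === 0 ? target : null;
}
```

Rejecting the request, rather than silently rewriting the name, also leaves a clear signal in the API logs when a client sends a filename with separators or dot segments.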

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-6152

Affected Products: Steel Browser