PT-2025-27252 · Unknown · Hkuds Lightrag
Hannibal0X · Published 2025-06-27 · Updated 2025-06-27 · CVE-2025-6773
CVSS v3.1: 5.3 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions:
HKUDS LightRAG versions up to 1.3.8
Description:
A critical vulnerability was found in the File Upload component of HKUDS LightRAG. The issue affects the upload_to_input_dir function in the file lightrag/api/routers/document_routes.py. The manipulation of the file.filename argument leads to path traversal. This attack can be launched on the local host.
Recommendations:
For versions up to 1.3.8, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the upload_to_input_dir function in the lightrag/api/routers/document_routes.py file to minimize the risk of exploitation. Avoid using the file.filename argument in the affected File Upload component until the issue is resolved.
Fix
Path traversal
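The sketch below is an added example, not LightRAG's code or its patch. It shows the unsafe pattern the description refers to (a client-supplied filename joined to the upload directory unchanged) next to a hardened check. The names naive_upload_path, safe_upload_path and UnsafeFilename are hypothetical.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename cannot be stored safely."""


def naive_upload_path(input_dir: Path, filename: str) -> Path:
    # Unsafe pattern: the client-controlled name is joined unchanged, so
    # separators and ".." in it are honoured by the filesystem.
    return input_dir / filename


def safe_upload_path(input_dir: Path, filename: str) -> Path:
    # 1. Reject empty names and embedded NUL bytes outright.
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty filename or NUL byte")
    # 2. Accept only a bare file name: take the last component under both
    #    POSIX and Windows separator rules and require it to equal the input.
    name = PureWindowsPath(PurePosixPath(filename).name).name
    if name != filename or name in (".", ".."):
        raise UnsafeFilename(f"path components not allowed: {filename!r}")
    # 3. Resolve symlinks and confirm the target is still inside input_dir.
    base = input_dir.resolve()
    target = (base / name).resolve()
    if base not in target.parents:
        raise UnsafeFilename(f"resolves outside upload directory: {filename!r}")
    return target


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        inputs = Path(tmp) / "inputs"
        inputs.mkdir()
        # Constructed sample filenames, as a client might send them.
        for sample in ["report.pdf", "../outside.txt", "..\\outside.txt", "/etc/passwd"]:
            try:
                print(f"{sample!r:22} -> {safe_upload_path(inputs, sample)}")
            except UnsafeFilename as exc:
                print(f"{sample!r:22} -> rejected ({exc})")
```

Rejecting such names, instead of silently stripping them to a basename, also gives the service an event it can log when a request carries path components in the filename.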
Affected Products
Hkuds Lightrag