PT-2025-38726 · Papermark · Papermark

Published: 2025-09-22 · Updated: 2025-10-14 · CVE-2025-57682

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Papermark versions prior to 0.20.0

Description

An issue exists in Papermark that allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution. This is possible via the 'POST /api/file/s3/get-presigned-get-url-proxy' API endpoint. The vulnerability involves directory traversal, enabling unauthorized access to files.

Recommendations

Update Papermark to version 0.20.0 or later.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-57682

Affected Products: Papermark