PT-2026-57853 · Unknown · Logicaldoc Enterprise

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2025-45869

CVSS v3.1

7.3

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions LogicalDOC Enterprise versions prior to 9.1.1
Description An unauthenticated attacker can perform a Server-Side Request Forgery (SSRF), which occurs when a server is tricked into making requests to an unintended destination. The issue exists in the 'ShareFileCallback' servlet, where manipulating input parameters allows the attacker to trigger a server-side request to a host under their control.
Recommendations Update LogicalDOC Enterprise to version 9.1.1 or later.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-45869

Affected Products

Logicaldoc Enterprise