PT-2026-57853 · Unknown · Logicaldoc Enterprise
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2025-45869
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
LogicalDOC Enterprise versions prior to 9.1.1
Description
An unauthenticated attacker can perform a Server-Side Request Forgery (SSRF), which occurs when a server is tricked into making requests to an unintended destination. The issue exists in the 'ShareFileCallback' servlet, where manipulating input parameters allows the attacker to trigger a server-side request to a host under their control.
Recommendations
Update LogicalDOC Enterprise to version 9.1.1 or later.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Logicaldoc Enterprise