{"uuid": "be446388-b3fc-4f73-a688-589b7fca8257", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6152", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18608", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-6152\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The patch is named 7ba93a10000fb77ee01731478ef40551a27bd5b9. It is recommended to apply a patch to fix this issue.\n\ud83d\udccf Published: 2025-06-17T01:31:05.835Z\n\ud83d\udccf Modified: 2025-06-17T14:19:20.164Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.312627\n2. https://vuldb.com/?ctiid.312627\n3. https://vuldb.com/?submit.593060\n4. https://github.com/steel-dev/steel-browser/issues/129\n5. https://github.com/steel-dev/steel-browser/issues/129#issuecomment-2936052240\n6. https://github.com/steel-dev/steel-browser/commit/7ba93a10000fb77ee01731478ef40551a27bd5b9", "creation_timestamp": "2025-06-17T14:40:19.000000Z"}