Security Advisory

CVE-2019-25258

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-24 19:28:06

Last updated 2026-03-05 12:02:20

Assigner VulnCheck

State PUBLISHED

Description

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified suffix and fileVersion parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.

← Browse all CVEs View on cve.org ↗