CVE-2025-6773
BaseFortify
Publication date: 2025-06-27
Last updated on: 2025-06-30
Assigner: VulDB
Description
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6773 is a path traversal vulnerability in the HKUDS LightRAG framework (up to version 1.3.8) affecting the file upload functionality. Specifically, the function `upload_to_input_dir` in `lightrag/api/routers/document_routes.py` constructs the destination file path using the user-controllable `file.filename` without proper sanitization. This allows an attacker to craft filenames containing directory traversal sequences like `../` to upload files outside the intended input directory, potentially placing malicious files anywhere on the server's filesystem and bypassing directory restrictions. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker with local access to upload files to arbitrary locations on your server, outside the intended upload directory. This can lead to unauthorized file placement, potentially enabling execution of malicious code, modification or replacement of critical files, and overall compromise of system confidentiality, integrity, and availability. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring file upload activity on the LightRAG server, specifically looking for filenames containing directory traversal sequences such as '../' or attempts to write files outside the intended input directory. Since exploitation requires local access and involves manipulation of the 'file.filename' parameter, check server logs or audit file uploads for suspicious filenames. Additionally, inspecting the LightRAG Server Setting page for unauthorized access to the inputs directory may indicate exploitation attempts. The resources provide no specific commands, but you can use file system monitoring tools or grep to search for suspicious filenames in upload directories, for example `grep -r '\.\./' /path/to/lightRAG/input_dir`, or monitor logs for unusual file paths. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the patch identified by commit 60777d535b719631680bcf5d0969bdef79ca4eaf, which introduces a `sanitize_filename()` function that validates and cleans uploaded filenames to prevent path traversal. This patch removes path separators, traversal sequences, control characters, and null bytes from filenames, ensures the final file path is within the intended input directory, and returns HTTP 400 errors for invalid filenames. Until the patch is applied, restrict local access to the server, monitor file uploads for suspicious filenames, and consider disabling file uploads if possible to reduce risk. [3, 4]
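The following Python is an added illustration of the two defensive points made in the detection and mitigation answers above; it is not code from the LightRAG project or from the referenced patch. The `sanitize_filename`, `safe_destination`, `is_safe_upload` and `flag_suspicious_uploads` functions, the `InvalidFilename` error type, the `/tmp/lightrag_inputs` directory and the upload log format are all assumptions made for this example. Unlike the description of the real patch, which cleans names, this variant rejects any name carrying a separator, traversal sequence, control character or null byte, and then re-checks that the resolved destination is a direct child of the input directory, so a bypass of the name check still cannot escape.

```python
import re
from pathlib import Path


# Hypothetical error type; the real patch answers invalid names with HTTP 400.
class InvalidFilename(ValueError):
    """Filename cannot be mapped safely into the input directory."""


# Both separator styles are checked so the rule also holds on Windows hosts.
_SEPARATORS = re.compile(r"[\\/]")
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")  # includes the null byte


def sanitize_filename(filename: str) -> str:
    """Return a filename that is safe to join onto the input directory, or raise."""
    if not filename or _CONTROL_CHARS.search(filename):
        raise InvalidFilename("empty name or control/null bytes in filename")
    if _SEPARATORS.search(filename):
        raise InvalidFilename("path separators are not allowed in an upload name")
    if ".." in filename or filename.strip(".") == "":
        raise InvalidFilename("traversal sequence or dot-only name")
    return filename


def safe_destination(input_dir: str, filename: str) -> str:
    """Resolve the destination path and prove it lies directly inside input_dir."""
    base = Path(input_dir).resolve()
    target = (base / sanitize_filename(filename)).resolve()
    # Independent containment check: even if the name check were bypassed, or the
    # name resolved through a symlink, the final path must be a child of base.
    if target.parent != base:
        raise InvalidFilename("destination escapes the input directory")
    return str(target)


def is_safe_upload(input_dir: str, filename: str) -> bool:
    """Yes/no wrapper around safe_destination for callers that prefer a boolean."""
    try:
        safe_destination(input_dir, filename)
        return True
    except InvalidFilename:
        return False


# Constructed sample of an upload log; the format is invented for this example
# and is not taken from any real LightRAG deployment.
SAMPLE_UPLOAD_LOG = """\
2025-06-28T10:01:12Z INFO upload filename="report.pdf" size=10240
2025-06-28T10:02:05Z INFO upload filename="../../outside/target.txt" size=120
2025-06-28T10:02:40Z INFO upload filename="notes\\..\\..\\other\\file.txt" size=55
2025-06-28T10:03:09Z INFO upload filename="data%2e%2e%2fsecret.txt" size=77
2025-06-28T10:04:00Z INFO upload filename="ok_file.txt" size=12
"""

# Raw and URL-encoded traversal markers plus literal or encoded null bytes.
_TRAVERSAL_MARKER = re.compile(r"\.\.[\\/]|%2e%2e|%00|\x00", re.IGNORECASE)
_FILENAME_FIELD = re.compile(r'filename="([^"]*)"')


def flag_suspicious_uploads(log_text: str) -> list:
    """Return (line_number, filename) for entries whose name carries a traversal marker."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = _FILENAME_FIELD.search(line)
        if match and _TRAVERSAL_MARKER.search(match.group(1)):
            hits.append((number, match.group(1)))
    return hits


if __name__ == "__main__":
    for number, name in flag_suspicious_uploads(SAMPLE_UPLOAD_LOG):
        print(f"line {number}: suspicious upload name {name!r}")
    print(safe_destination("/tmp/lightrag_inputs", "report.pdf"))
```

Rejecting rather than cleaning is a deliberate choice: browsers and well-behaved API clients send bare basenames, so a name with a separator or `..` is itself a signal worth logging, and the containment check on the resolved path is what guards against anything the string rules miss.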