CVE-2025-57682
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2025-10-14

Assigner: MITRE

Description
Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2025-10-14
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-57682
EUVD
EUVD-2025-30811
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
papermark papermark to 0.20.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Directory Traversal flaw in Papermark version 0.20.0 and earlier. It allows authenticated attackers to retrieve arbitrary files from an Amazon S3 bucket by exploiting the CloudFront distribution through the POST /api/file/s3/get-presigned-get-url-proxy API endpoint. Essentially, attackers with valid credentials can access files they should not be able to by manipulating the file path in the API request.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive files stored in the S3 bucket used by Papermark. Since attackers can retrieve arbitrary files, this could result in exposure of confidential documents, potentially harming privacy, intellectual property, or business secrets. The CVSS score indicates a moderate severity with high confidentiality impact but no impact on integrity or availability.

Compliance Impact

This vulnerability could negatively impact compliance with standards such as GDPR and HIPAA because unauthorized access to sensitive personal or protected health information stored in the affected files may occur. Such data breaches can lead to violations of data protection regulations, resulting in legal and financial consequences for organizations using vulnerable versions of Papermark. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57682. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart