CVE-2019-25258
Unknown Unknown - Not Provided
Post-Auth File Disclosure in LogicalDOC 7.7.4 via Path Traversal

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-25
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25258
EUVD
EUVD-2025-205296
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
logicaldoc enterprise 7.7.4
logicaldoc enterprise 7.4.2
logicaldoc enterprise 7.6.4
logicaldoc enterprise 7.1.1
apache tomcat 8.5.24
apache tomcat 8.5.13
logicaldoc enterprise 7.7.1
microsoft windows 10
logicaldoc enterprise 7.6.2
logicaldoc enterprise 7.7.3
ubuntu ubuntu 16.04
logicaldoc enterprise 7.5.1
java java 1.8.0_161
logicaldoc enterprise 7.7.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows authenticated attackers to read arbitrary files on the server, including sensitive system files, through directory traversal attacks. Such unauthorized access to sensitive information could lead to data breaches, potentially violating data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive data. Therefore, exploitation of this vulnerability may result in non-compliance with these standards due to exposure of confidential information. [1, 2]

Executive Summary

CVE-2019-25258 is a set of multiple post-authentication directory traversal vulnerabilities in LogicalDOC Enterprise versions up to 7.7.4. The vulnerabilities occur because the application does not properly validate user input passed through the 'suffix' and 'fileVersion' parameters. Attackers who are authenticated can exploit these flaws by manipulating these parameters in HTTP requests to the /thumbnail and /convertpdf endpoints, allowing them to traverse directories and read arbitrary local files on the server, such as sensitive system files like 'win.ini' on Windows or '/etc/passwd' on Linux. [1, 2]

Impact Analysis

This vulnerability can allow an authenticated attacker to read arbitrary files on the server hosting LogicalDOC Enterprise. This can lead to exposure of sensitive system and application information, potentially aiding further attacks or unauthorized access. Since attackers can access critical files like 'win.ini' or '/etc/passwd', it may compromise system security and confidentiality of data managed by the document management system. [1, 2]

Detection Guidance

This vulnerability can be detected by attempting to exploit the directory traversal in the 'suffix' and 'fileVersion' parameters after authentication. For example, sending crafted HTTP GET requests to the /thumbnail and /convertpdf endpoints with directory traversal payloads to read sensitive files like 'windows\win.ini' or '/etc/passwd'. Example commands using curl could be: 1. curl -u <username>:<password> "http://<target>/thumbnail?suffix=..\..\windows\win.ini" 2. curl -u <username>:<password> "http://<target>/convertpdf?fileVersion=../../etc/passwd" Successful retrieval of these files indicates the presence of the vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected endpoints (/thumbnail and /convertpdf) to trusted users only, applying strict input validation and sanitization on the 'suffix' and 'fileVersion' parameters to prevent directory traversal sequences, and ensuring that only authorized users can authenticate. Additionally, monitoring and blocking suspicious requests attempting directory traversal patterns can help reduce risk until a patch or update is applied. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25258. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart