CVE-2025-45870
Deferred Deferred - Pending Action

Local File Inclusion in LogicalDOC Enterprise

Vulnerability report for CVE-2025-45870, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: MITRE

Description

LogicalDOC Enterprise up to and for v9.1.1 is vulnerable to Local File Inclusion (LFI) in the OnlyOfficeEditor servlet class, allowing authenticated user to exploit path traversal flaws in the fileExt parameter, enabling unauthorized access to sensitive files outside the designated directories.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
logicaldoc enterprise to 9.1.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-45870 is a Local File Inclusion (LFI) vulnerability in LogicalDOC Enterprise versions up to 9.1.1. It exists in the OnlyOfficeEditor servlet, specifically the /onlyoffice/editor endpoint. An authenticated user can exploit path traversal flaws in the fileExt parameter by using sequences like '../' to access files outside the intended directory. The vulnerability occurs because user input is passed to the OnlyOfficeDocumentManager.createSample method without proper validation.

Detection Guidance

To detect this vulnerability, check if LogicalDOC Enterprise versions up to 9.1.1 are running. Inspect network traffic for requests to the /onlyoffice/editor endpoint with manipulated fileExt parameters containing path traversal sequences like ../. Review server logs for unusual file access patterns or sample document creation events.

Impact Analysis

This vulnerability allows an attacker to read sensitive files on the server, including configuration files that may contain secrets or credentials. If exploited, it could lead to unauthorized access to internal infrastructure details, potentially facilitating further compromise of the system or data breaches.

Compliance Impact

This vulnerability could lead to non-compliance with GDPR and HIPAA due to unauthorized access to sensitive files. Exposure of configuration files or credentials may violate data protection requirements under GDPR (e.g., unauthorized access to personal data) and HIPAA (e.g., breach of protected health information).

Mitigation Strategies

Immediately upgrade to LogicalDOC version 9.2 or later if available. As a temporary measure, restrict access to the /onlyoffice/editor endpoint and implement strict allowlisting for the fileExt parameter. Reject any input containing path traversal sequences and enforce canonical path resolution within intended directories.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-45870. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart