CVE-2025-57682

Published: Sep 22, 2025

Modified: Sep 22, 2025

PUBLISHED

Description

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://papermark.com/

https://github.com/mfts/papermark

https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-57682

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57682

Description

Affected Products

References