CVE-2025-65346

Published: Dec 4, 2025

Modified: Dec 5, 2025

PUBLISHED

Description

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/alexusmai/laravel-file-manager

https://github.com/Theethat-Thamwasin/CVE-2025-65346

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-65346

Description

Affected Products

References