CVE-2025-6773 – HKUDS LightRAG Path Traversal Vulnerability

June 27, 2025

CVE ID : CVE-2025-6773

Published : June 27, 2025, 7:15 p.m. | 3 hours, 2 minutes ago

Description : A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to path traversal. It is possible to launch the attack on the local host. The identifier of the patch is 60777d535b719631680bcf5d0969bdef79ca4eaf. It is recommended to apply a patch to fix this issue.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53094 – ESPAsyncWebServer CRLF Injection Vulnerability

Next Article CVE-2025-6772 – Eosphoros-AI Db-GPT Path Traversal Vulnerability

Highlights

CVE-2025-7320 – IrfanView CADImage Plugin DXF File Parsing Memory

July 21, 2025

CVE ID : CVE-2025-7320

Published : July 21, 2025, 8:15 p.m. | 4 hours, 25 minutes ago

Description : IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26418.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-6773 – HKUDS LightRAG Path Traversal Vulnerability

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

CVE-2025-4923 – SourceCodester Client Database Management System Unrestricted File Upload Vulnerability

CVE-2025-4593 – WordPress WP Register Profile With Shortcode Sensitive Information Exposure

The 50+ Best Free InDesign Portfolio & Lookbook Templates

How to Push Silent Updates in Flutter Using Shorebird

CVE-2025-7320 – IrfanView CADImage Plugin DXF File Parsing Memory

Empower Users and Protect Against GenAI Data Loss

Transforming network operations with AI: How Swisscom built a network assistant using Amazon Bedrock

CVE-2025-37094 – HPE StoreOnce Directory Traversal File Deletion Vulnerability

CVE-2025-6773 – HKUDS LightRAG Path Traversal Vulnerability

Related Posts