GSA_kwCzR0hTQS1yN3E2LTZmbXEtbXg0Y84ABKRr

Moderate EPSS: 0.00154% (0.36937 Percentile) EPSS:

Permalink JSON

Filemanager is vulnerable to Relative Path Traversal through filemanager.php

Affected Packages	Affected Versions	Fixed Versions
packagist:simogeo/filemanager	<= 2.5.0	No known fixed version
0 Dependent packages 5 Dependent repositories 71,776 Downloads total Affected Version Ranges All affected versions 1.6.0, 1.7.0, 1.8.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0

An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.

References:

https://nvd.nist.gov/vuln/detail/CVE-2025-46002
https://github.com/simogeo/Filemanager
https://github.com/simogeo/Filemanager/releases/tag/v1.7.0
https://github.com/simogeo/Filemanager/releases/tag/v1.8.0
https://github.com/simogeo/Filemanager/releases/tag/v2.0.0
https://github.com/simogeo/Filemanager/releases/tag/v2.1.0
https://github.com/simogeo/Filemanager/releases/tag/v2.2.0
https://github.com/simogeo/Filemanager/releases/tag/v2.3.0
https://github.com/zakumini/CVE-List/blob/main/CVE-2025-46002/CVE-2025-46002.md
https://www.exploit-db.com/exploits/38945
https://github.com/advisories/GHSA-r7q6-6fmq-mx4c

Identifiers

GHSA-r7q6-6fmq-mx4c

CVE-2025-46002

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00154

EPSS Percentile: 0.36937

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/simogeo/Filemanager

Date and time

Published

12 days ago

Updated

10 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories