CVE-2025-46002: Filemanager is vulnerable to Relative Path Traversal through filemanager.php
(updated )
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
References
- github.com/advisories/GHSA-r7q6-6fmq-mx4c
- github.com/simogeo/Filemanager
- github.com/simogeo/Filemanager/releases/tag/v1.7.0
- github.com/simogeo/Filemanager/releases/tag/v1.8.0
- github.com/simogeo/Filemanager/releases/tag/v2.0.0
- github.com/simogeo/Filemanager/releases/tag/v2.1.0
- github.com/simogeo/Filemanager/releases/tag/v2.2.0
- github.com/simogeo/Filemanager/releases/tag/v2.3.0
- github.com/zakumini/CVE-List/blob/main/CVE-2025-46002/CVE-2025-46002.md
- nvd.nist.gov/vuln/detail/CVE-2025-46002
- www.exploit-db.com/exploits/38945
Code Behaviors & Features
Detect and mitigate CVE-2025-46002 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →