CVE-2025-8021: files-bucket-server vulnerable to Directory Traversal

July 23, 2025 (updated September 26, 2025)

All versions of the package files-bucket-server are vulnerable to Directory Traversal, where an attacker can traverse the file system and access files outside of the intended directory.

References

gist.github.com/lirantal/1f833a7d445e8cfbdcb3e75022954b35
github.com/advisories/GHSA-3r3j-4vrw-884j
github.com/dsilva2401/files-bucket-server
nvd.nist.gov/vuln/detail/CVE-2025-8021
security.snyk.io/vuln/SNYK-JS-FILESBUCKETSERVER-9510944

Code Behaviors & Features

Detect and mitigate CVE-2025-8021 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →