Home

Description

LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can exploit the ShareFileCallback servlet by manipulating input parameters to trigger a server-side request to an attacker-controlled host.

PUBLISHED Reserved 2025-04-22 | Published 2026-07-13 | Updated 2026-07-13 | Assigner mitre

References

www.logicaldoc.com/

github.com/...-Disclosure/blob/main/CVE-2025-45869/README.md

cve.org (CVE-2025-45869)

nvd.nist.gov (CVE-2025-45869)

Download JSON