Home

Description

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API

PUBLISHED Reserved 2025-08-17 | Published 2025-09-22 | Updated 2025-09-22 | Assigner mitre

References

papermark.com/

github.com/mfts/papermark

github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-57682

cve.org (CVE-2025-57682)

nvd.nist.gov (CVE-2025-57682)

Download JSON