CVE-2025-56869
MEDIUMsync-in_server < 1.1.1 - Authenticated Path Traversal via FilesManager Functions
Title source: llmDescription
Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in backend/src/applications/files/services/files-manager.service.ts.
References (3)
Core 3
Core References
Release Notes
https://github.com/Sync-in/server/releases/tag/v1.2.0
Product
https://sync-in.com/
Scores
CVSS v3
5.3
EPSS
0.0069
EPSS Percentile
48.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
sync-in/sync-in_server
< 1.1.1
Published
Sep 19, 2025
Tracked Since
Feb 18, 2026