CVE-2025-65345

MEDIUM

alexusmai/laravel-file-manager < 3.3.1 - Directory Traversal via Zip Archive Functionality

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-65345. PoCs published by tlekrean.

AI-analyzed exploit summary This repository contains a detailed writeup for CVE-2025-65345, describing an authenticated path traversal vulnerability in laravel-file-manager v3.3.1 and below. The vulnerability allows attackers to disclose arbitrary files on the server by manipulating the ZIP creation functionality.

Description

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation.

Exploits (1)

nomisec WRITEUP
by tlekrean · poc
https://github.com/tlekrean/CVE-2025-65345

This repository contains a detailed writeup for CVE-2025-65345, describing an authenticated path traversal vulnerability in laravel-file-manager v3.3.1 and below. The vulnerability allows attackers to disclose arbitrary files on the server by manipulating the ZIP creation functionality.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: laravel-file-manager v3.3.1 and below
Auth required
Prerequisites: Authenticated access to the file manager interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0003
EPSS Percentile 8.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (2)
alexusmai/laravel-file-manager 0Packagist
alexusmai/laravel_file_manager < 3.3.1
Published Dec 03, 2025
Tracked Since Feb 18, 2026