What is the CVSS score of CVE-2025-65346?

CVE-2025-65346 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.3%.

Which versions of Laravel File Manager are affected by CVE-2025-65346?

CVE-2025-65346 is a critical directory traversal vulnerability in Laravel File Manager 3.3.1 and below that allows attackers to write files to arbitrary locations on affected servers through…

Is there a public PoC exploit available for CVE-2025-65346?

Yes, a public proof-of-concept exploit is available for CVE-2025-65346. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-65346?

Within 24 hours: Immediately inventory all systems running Laravel File Manager 3.3.1 or below and disable the unzip/extraction functionality if operationally feasible, or restrict access to trusted users only. Within 7 days: Implement network-level protections (WAF rules blocking suspicious archive uploads, input validation), isolate affected systems, and monitor logs for exploitation attempts. Within 30 days: Develop and test an upgrade plan or migration strategy away from this vulnerable component, as no patch is currently available from the vendor.

Laravel File Manager CVE-2025-65346

EUVD-2025-201169 CRITICAL

Path Traversal (CWE-22)

2025-12-04 cve@mitre.org

GHSA-q5hg-wppq-r2cc

Path Traversal Laravel File Manager

9.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201169

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

PoC Detected

Dec 16, 2025 - 18:04 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 15:15 nvd

CRITICAL 9.1

DescriptionCVE.org

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.

Analysis

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

CVE-2025-65346 vulnerability details – vuln.today

Back

Laravel File Manager CVE-2025-65346

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code