How to fix EUVD-2025-201169?

Within 24 hours: Immediately inventory all systems running Laravel File Manager 3.3.1 or below and disable the unzip/extraction functionality if operationally feasible, or restrict access to trusted users only. Within 7 days: Implement network-level protections (WAF rules blocking suspicious archive uploads, input validation), isolate affected systems, and monitor logs for exploitation attempts. Within 30 days: Develop and test an upgrade plan or migration strategy away from this vulnerable component, as no patch is currently available from the vendor.

Is Laravel File Manager affected by EUVD-2025-201169?

CVE-2025-65346 is a critical directory traversal vulnerability in Laravel File Manager 3.3.1 and below that allows attackers to write files to arbitrary locations on affected servers through malicious archive uploads.

EUVD-2025-201169

| CVE-2025-65346 CRITICAL

2025-12-04 [email protected]

GHSA-q5hg-wppq-r2cc

9.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201169

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

PoC Detected

Dec 16, 2025 - 18:04 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 15:15 nvd

CRITICAL 9.1

Description

alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.

Analysis

Technical Context

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

Affected Products

Affected products: Alexusmai Laravel File Manager

Remediation

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +46

POC: +20

EUVD-2025-201169 vulnerability details – vuln.today

Back

EUVD-2025-201169

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-201169

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code