CVE-2025-53358 is a medium-severity path traversal vulnerability affecting the open-source document comprehension tool kotaemon, developed by Cinnamon. The vulnerability exists in versions 0.10.6 and earlier within the index_fn method located in libs/ktem/ktem/index/file/ui.py. This method accepts both URLs and local file paths without proper validation or sanitization. As a result, an attacker with at least low-level privileges (PR:L) can craft malicious input containing relative path traversal sequences (e.g., ../../../../../.env) that cause the application to access and stream files outside the intended directory scope. This improper limitation of pathname to a restricted directory (CWE-22) allows unauthorized reading and exfiltration of sensitive files on the host system. The vulnerability does not require user interaction and can be exploited remotely over the network (AV:N) with low attack complexity (AC:L). The impact is primarily on confidentiality, as attackers can access sensitive configuration or environment files, but it does not affect integrity or availability. The issue has been fixed in version 0.10.7 by commit 37cdc28, though this patch was not publicly available at the time of disclosure. No known exploits are currently reported in the wild. The CVSS 3.1 base score is 6.5, reflecting a medium severity level due to the high confidentiality impact combined with the ease of exploitation and network accessibility.

For European organizations using kotaemon versions 0.10.6 or earlier, this vulnerability poses a significant risk of sensitive data leakage. Since kotaemon is a tool for document comprehension, it may be deployed in environments handling confidential documents, intellectual property, or personal data subject to GDPR regulations. Unauthorized access to environment files or configuration data could expose credentials, API keys, or other secrets, potentially leading to further compromise or data breaches. The confidentiality breach could result in regulatory penalties, reputational damage, and operational disruption. Given the network-exploitable nature of the flaw, attackers could remotely target vulnerable deployments without requiring user interaction, increasing the risk of automated scanning and exploitation attempts once the vulnerability becomes widely known. However, the lack of known active exploits and the requirement for some level of privileges may limit immediate widespread impact. Organizations relying on kotaemon in critical document processing workflows should prioritize remediation to avoid data exfiltration risks.

European organizations should immediately assess their use of kotaemon and identify any instances running version 0.10.6 or earlier. The primary mitigation is to upgrade to version 0.10.7 or later once the patch is publicly available. Until then, organizations should implement strict input validation and sanitization controls on any user-supplied paths or URLs processed by kotaemon to prevent directory traversal sequences. Network-level protections such as firewall rules and segmentation should restrict access to the kotaemon service to trusted users and systems only. Monitoring and logging of file access patterns can help detect anomalous attempts to access sensitive files outside expected directories. Additionally, sensitive environment files and configuration data should be protected with appropriate filesystem permissions and, where possible, isolated from the application runtime environment. Organizations should also consider deploying runtime application self-protection (RASP) or web application firewalls (WAFs) with custom rules to detect and block path traversal payloads targeting kotaemon endpoints. Finally, maintaining an inventory of open-source components and timely patch management processes will reduce exposure to similar vulnerabilities.