Skip to main content

CVE-2025-6152: Path Traversal in Steel Browser

Medium
VulnerabilityCVE-2025-6152cvecve-2025-6152
Published: Tue Jun 17 2025 (06/17/2025, 01:31:05 UTC)
Source: CVE Database V5
Vendor/Project: Steel
Product: Browser

Description

A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The patch is named 7ba93a10000fb77ee01731478ef40551a27bd5b9. It is recommended to apply a patch to fix this issue.

AI-Powered Analysis

AILast updated: 06/17/2025, 02:19:52 UTC

Technical Analysis

CVE-2025-6152 is a path traversal vulnerability identified in Steel Browser versions up to 0.1.3, specifically within the handleFileUpload function located in the file api/src/modules/files/files.routes.ts. The vulnerability arises from improper validation or sanitization of the filename argument during file upload handling, allowing an attacker to manipulate the filename parameter to traverse directories outside the intended upload directory. This can enable unauthorized access to files on the server's filesystem. The vulnerability is remotely exploitable without requiring user interaction or authentication, increasing its risk profile. However, the CVSS 4.0 base score is 5.3 (medium severity), reflecting limited impact on confidentiality, integrity, and availability, as well as the requirement for some privileges (PR:L) to exploit. The vulnerability does not affect system components beyond the Steel Browser's file upload module, and no known exploits are currently reported in the wild. A patch identified by commit 7ba93a10000fb77ee01731478ef40551a27bd5b9 has been released to address this issue. The vulnerability's exploitation could allow attackers to read or overwrite arbitrary files on the server hosting the Steel Browser application, potentially leading to information disclosure or further compromise depending on the server's configuration and the privileges of the application process.

Potential Impact

For European organizations using Steel Browser versions 0.1.0 through 0.1.3, this vulnerability poses a risk of unauthorized file system access via path traversal during file uploads. The impact includes potential exposure of sensitive data stored on the server, unauthorized modification of files, or disruption of service if critical files are overwritten. Organizations in sectors that rely on Steel Browser for internal or customer-facing applications—such as software development firms, digital service providers, or enterprises using Steel Browser as part of their web infrastructure—may face confidentiality breaches or integrity violations. Given the medium CVSS score and the requirement for some level of privileges to exploit, the threat is moderate but should not be underestimated, especially in environments where the Steel Browser is exposed to untrusted networks or users. The absence of known exploits in the wild suggests limited active targeting currently, but the availability of a patch and public disclosure increases the risk of future exploitation attempts. European organizations with sensitive data or critical infrastructure should prioritize remediation to prevent potential lateral movement or data leakage.

Mitigation Recommendations

1. Apply the official patch identified by commit 7ba93a10000fb77ee01731478ef40551a27bd5b9 immediately to all affected Steel Browser instances to remediate the vulnerability. 2. Implement strict input validation and sanitization on the filename parameter in the file upload functionality to prevent directory traversal sequences (e.g., '..', absolute paths). 3. Employ least privilege principles for the Steel Browser application process, ensuring it runs with minimal filesystem permissions to limit the impact of potential exploitation. 4. Use containerization or sandboxing techniques to isolate the Steel Browser environment, reducing the risk of filesystem access beyond intended boundaries. 5. Monitor logs for suspicious file upload activities, especially those containing unusual path patterns or attempts to access sensitive directories. 6. Restrict access to the file upload endpoint to authenticated and authorized users where possible, even though the vulnerability does not require authentication, to reduce exposure. 7. Conduct regular security assessments and penetration tests focusing on file upload functionalities to detect similar vulnerabilities proactively.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-06-15T18:43:35.926Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6850cd28a8c921274384f3b2

Added to database: 6/17/2025, 2:04:24 AM

Last enriched: 6/17/2025, 2:19:52 AM

Last updated: 8/12/2025, 9:39:50 AM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats