CVE-2025-6152 is a path traversal vulnerability identified in Steel Browser versions up to 0.1.3, specifically within the handleFileUpload function located in the file api/src/modules/files/files.routes.ts. The vulnerability arises from improper validation or sanitization of the filename argument during file upload handling, allowing an attacker to manipulate the filename parameter to traverse directories outside the intended upload directory. This can enable unauthorized access to files on the server's filesystem. The vulnerability is remotely exploitable without requiring user interaction or authentication, increasing its risk profile. However, the CVSS 4.0 base score is 5.3 (medium severity), reflecting limited impact on confidentiality, integrity, and availability, as well as the requirement for some privileges (PR:L) to exploit. The vulnerability does not affect system components beyond the Steel Browser's file upload module, and no known exploits are currently reported in the wild. A patch identified by commit 7ba93a10000fb77ee01731478ef40551a27bd5b9 has been released to address this issue. The vulnerability's exploitation could allow attackers to read or overwrite arbitrary files on the server hosting the Steel Browser application, potentially leading to information disclosure or further compromise depending on the server's configuration and the privileges of the application process.

For European organizations using Steel Browser versions 0.1.0 through 0.1.3, this vulnerability poses a risk of unauthorized file system access via path traversal during file uploads. The impact includes potential exposure of sensitive data stored on the server, unauthorized modification of files, or disruption of service if critical files are overwritten. Organizations in sectors that rely on Steel Browser for internal or customer-facing applications—such as software development firms, digital service providers, or enterprises using Steel Browser as part of their web infrastructure—may face confidentiality breaches or integrity violations. Given the medium CVSS score and the requirement for some level of privileges to exploit, the threat is moderate but should not be underestimated, especially in environments where the Steel Browser is exposed to untrusted networks or users. The absence of known exploits in the wild suggests limited active targeting currently, but the availability of a patch and public disclosure increases the risk of future exploitation attempts. European organizations with sensitive data or critical infrastructure should prioritize remediation to prevent potential lateral movement or data leakage.

1. Apply the official patch identified by commit 7ba93a10000fb77ee01731478ef40551a27bd5b9 immediately to all affected Steel Browser instances to remediate the vulnerability. 2. Implement strict input validation and sanitization on the filename parameter in the file upload functionality to prevent directory traversal sequences (e.g., '..', absolute paths). 3. Employ least privilege principles for the Steel Browser application process, ensuring it runs with minimal filesystem permissions to limit the impact of potential exploitation. 4. Use containerization or sandboxing techniques to isolate the Steel Browser environment, reducing the risk of filesystem access beyond intended boundaries. 5. Monitor logs for suspicious file upload activities, especially those containing unusual path patterns or attempts to access sensitive directories. 6. Restrict access to the file upload endpoint to authenticated and authorized users where possible, even though the vulnerability does not require authentication, to reduce exposure. 7. Conduct regular security assessments and penetration tests focusing on file upload functionalities to detect similar vulnerabilities proactively.