ONLYOFFICE Document Server Path Traversal Vulnerability Allowing Arbitrary File Access

Vulnerability

A path traversal vulnerability has been identified in ONLYOFFICE Document Server versions prior to 8.0.1. This vulnerability allows remote attackers to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint. Exploitation of this issue could lead to unauthorized access to sensitive files and potentially cause a denial-of-service condition.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive files, with the possibility of causing a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.0

exploitability

9.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.0

exploitability

9.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ONLYOFFICE Document Server Path Traversal Vulnerability Allowing Arbitrary File Access

Vulnerability

Impact

Affected Products

ONLYOFFICE Document Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating