CVE-2025-8729

Public Exploit

MigoXLab LMeterX upload_service.py process_cert_files path traversal

Description

A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Affected by this vulnerability is the function process_cert_files of the file backend/service/upload_service.py. The manipulation of the argument task_id leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is f1b00597e293d09452aabd4fa57f3185207350e8. It is recommended to apply a patch to fix this issue.

References

Link	Tags
https://vuldb.com/?id.319225	technical description vdb entry
https://vuldb.com/?ctiid.319225	signature permissions required
https://vuldb.com/?submit.621741	third party advisory
https://github.com/MigoXLab/LMeterX/issues/10	issue tracking
https://github.com/MigoXLab/LMeterX/issues/10#issuecomment-3136380379	issue tracking
https://github.com/MigoXLab/LMeterX/issues/10#issue-3255375024	exploit issue tracking
https://github.com/MigoXLab/LMeterX/commit/f1b00597e293d09452aabd4fa57f3185207350e8	patch

Frequently Asked Questions

What is the severity of CVE-2025-8729?: CVE-2025-8729 has been scored as a medium severity vulnerability.
How to fix CVE-2025-8729?: To fix CVE-2025-8729, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-8729 being actively exploited in the wild?: It is possible that CVE-2025-8729 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-8729?: CVE-2025-8729 affects MigoXLab LMeterX.

Description

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions