ID:12305 - Exploit for Path traversal in jspdf - CVE-2025-68428

 

Published: January 16, 2026


Vulnerability identifier: #VU120930
Vulnerability risk: High
CVE-ID: CVE-2025-68428
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
jspdf

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences passed via the first argument of the loadFile, addImage, html, and addFont methods in the Node.js build (the dist/jspdf.node.js and dist/jspdf.node.min.js files). A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


Remediation

Install updates from the vendor's website.
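
As defence in depth alongside the update, an application can canonicalise any request-derived path and reject it unless it stays inside one intended directory before it reaches the affected methods. The following is an added example, not code from jsPDF or from this advisory; `resolveInside`, `demo` and the directory and file names are hypothetical, and the fixture files are constructed.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Hypothetical helper: canonicalise userPath under baseDir, or throw.
// Use its return value (never the raw request value) as the first argument
// of the jsPDF methods named in the advisory.
function resolveInside(baseDir, userPath) {
  if (typeof userPath !== 'string' || userPath === '' || userPath.includes('\0')) {
    throw new Error('invalid path argument');
  }
  const base = fs.realpathSync(baseDir);
  // realpathSync collapses ".." segments, follows symlinks, throws if missing.
  const target = fs.realpathSync(path.resolve(base, userPath));
  const rel = path.relative(base, target);
  if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('path escapes allowed directory');
  }
  return target;
}

// Constructed fixture: an assets directory plus a file outside it.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'pdf-assets-'));
  const assets = path.join(root, 'assets');
  fs.mkdirSync(assets);
  fs.writeFileSync(path.join(assets, 'logo.png'), 'constructed');
  fs.writeFileSync(path.join(root, 'outside.txt'), 'constructed');
  fs.symlinkSync(path.join(root, 'outside.txt'), path.join(assets, 'link.png'));
  const inputs = ['logo.png', '../outside.txt', path.join(root, 'outside.txt'),
                  'link.png', 'missing.png'];
  const results = inputs.map((p) => {
    try { resolveInside(assets, p); return 'allowed'; } catch { return 'rejected'; }
  });
  fs.rmSync(root, { recursive: true, force: true });
  return results;
}

console.log(demo());
```

Only the plain file name inside the assets directory is accepted; the relative escape, the absolute path, the symlink pointing outside and the missing file are all rejected.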