CVE Catalog

CVE-2025-58902

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Summary

An unauthenticated Local File Inclusion vulnerability exists in Lighthouse versions up to 1.2.12. It allows an attacker to read arbitrary files from the server without authentication.

Risk Assessment

The risk involves potential leakage of sensitive data such as configuration files, passwords, or application source code, without requiring any user account.

Recommendation

Immediately upgrade Lighthouse to a version newer than 1.2.12. If an upgrade is not possible, deploy temporary WAF rules blocking requests containing file paths.

Original NVD description (English source)

Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS