CVE Catalog
CVE-2025-58902
HighCVSS 8.1Summary
An unauthenticated Local File Inclusion vulnerability exists in Lighthouse versions up to 1.2.12. It allows an attacker to read arbitrary files from the server without authentication.
Risk Assessment
The risk involves potential leakage of sensitive data such as configuration files, passwords, or application source code, without requiring any user account.
Recommendation
Immediately upgrade Lighthouse to a version newer than 1.2.12. If an upgrade is not possible, deploy temporary WAF rules blocking requests containing file paths.
Original NVD description (English source)
Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 versions.

