The flaw is in Casdoor’s Local File System storage provider, where inadequate path sanitization allows an authenticated attacker with administrative privileges to exploit a path traversal vulnerability. This attack can create or overwrite any file on the host filesystem, breaking the application’s sandbox and giving the attacker arbitrary file write capability. The primary impact is the ability to tamper with or replace critical files, potentially compromising the integrity and confidentiality of the system.

Casdoor, specifically the Casdoor implementation that uses the Local File System storage provider. No version‑specific details are supplied, so all deployments that employ this storage provider are potentially vulnerable until a vendor fix is released. Administrators should verify whether their environment uses the affected component.

The vulnerability requires authentication with administrative privileges, limiting the attacker to users who already have legitimate access, which constrains the attack surface. The CVSS score is 5.9, and the EPSS is below 1%, and it is not listed in CISA KEV, indicating a lower probability of exploitation. Nevertheless, if exploited, the arbitrary file write could lead to integrity violations or code execution. The risk is moderate for environments where administrative accounts are accessible or the storage provider is exposed to potentially compromised users.