A critical file-read vulnerability in Budibase versions prior to 3.39.9 allows authenticated users to bypass directory restrictions and access sensitive system files via symbolic link manipulation.

The application fails to properly sanitize symbolic links during the processing of uploaded .zip files for PWA icons. An attacker can craft a malicious archive containing symlinks that resolve to arbitrary files on the host system, allowing the application to read and return the contents of those files to the user.

With a CVSS score of 9.6, this vulnerability poses a significant risk to the confidentiality of the server hosting the Budibase platform. An authenticated builder can exploit this to read sensitive configuration files, environment variables, or system credentials. This information disclosure can easily lead to a broader compromise of the entire server environment.

Immediate Action: Upgrade all Budibase instances to version 3.39.9 or higher to implement proper path and symlink validation.

Proactive Monitoring: Review file access logs and monitor for unusual attempts to read system files or directories outside of the intended application storage path.

Compensating Controls: Ensure the Budibase application is running in a highly restricted container environment with minimal filesystem access to limit the impact of potential file-read attempts.

Public Exploit Available: No

The ability to read arbitrary system files represents a catastrophic failure of input validation. Organizations should treat this update with high priority to prevent unauthorized access to sensitive local files and maintain the integrity of their hosting infrastructure.