Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by filerise
CVE-2026-33477 (GCVE-0-2026-33477)
Vulnerability from cvelistv5 – Published: 2026-03-26 17:09 – Updated: 2026-03-26 18:23
VLAI?
Title
FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file content
Summary
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the `read_own` enforcement for hover previews. Version 3.11.0 fixes the issue.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33477",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T17:46:36.577852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:23:47.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.7, \u003c 3.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user with only `read_own` access to a folder to retrieve snippet content from files uploaded by other users in the same folder. This is a server-side authorization flaw in the `read_own` enforcement for hover previews. Version 3.11.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T17:09:00.236Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-62wx-vp78-2p83"
},
{
"name": "https://github.com/error311/FileRise/releases/tag/v3.11.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/releases/tag/v3.11.0"
}
],
"source": {
"advisory": "GHSA-62wx-vp78-2p83",
"discovery": "UNKNOWN"
},
"title": "FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users\u2019 file content"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33477",
"datePublished": "2026-03-26T17:09:00.236Z",
"dateReserved": "2026-03-20T16:16:48.970Z",
"dateUpdated": "2026-03-26T18:23:47.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33330 (GCVE-0-2026-33330)
Vulnerability from cvelistv5 – Published: 2026-03-24 19:15 – Updated: 2026-03-24 20:07
VLAI?
Title
FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback
Summary
FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise's ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0.
Severity ?
7.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33330",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T19:58:39.128918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T20:07:58.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003c 3.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web file manager / WebDAV server. Prior to version 3.10.0, a broken access control issue in FileRise\u0027s ONLYOFFICE integration allows an authenticated user with read-only access to obtain a signed save callbackUrl for a file and then directly forge the ONLYOFFICE save callback to overwrite that file with attacker-controlled content. This issue has been patched in version 3.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T19:15:03.367Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-6c3j-f4x4-36m3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-6c3j-f4x4-36m3"
},
{
"name": "https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c"
},
{
"name": "https://github.com/error311/FileRise/releases/tag/v3.10.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/releases/tag/v3.10.0"
}
],
"source": {
"advisory": "GHSA-6c3j-f4x4-36m3",
"discovery": "UNKNOWN"
},
"title": "FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33330",
"datePublished": "2026-03-24T19:15:03.367Z",
"dateReserved": "2026-03-18T21:23:36.678Z",
"dateUpdated": "2026-03-24T20:07:58.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33329 (GCVE-0-2026-33329)
Vulnerability from cvelistv5 – Published: 2026-03-24 19:14 – Updated: 2026-03-25 16:20
VLAI?
Title
FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle
Summary
FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler (UploadModel::handleUpload()) is concatenated directly into filesystem paths without any sanitization. An authenticated user with upload permission can exploit this to write files to arbitrary directories on the server, delete arbitrary directories via the post-assembly cleanup, and probe file/directory existence. This issue has been patched in version 3.10.0.
Severity ?
8.1 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33329",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T16:19:57.166744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:20:07.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.1, \u003c 3.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler (UploadModel::handleUpload()) is concatenated directly into filesystem paths without any sanitization. An authenticated user with upload permission can exploit this to write files to arbitrary directories on the server, delete arbitrary directories via the post-assembly cleanup, and probe file/directory existence. This issue has been patched in version 3.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T19:14:42.771Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-c2jm-4wp9-5vrh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-c2jm-4wp9-5vrh"
},
{
"name": "https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/commit/3871f9fd1661688bed4f7dd23912be0ebf50973c"
},
{
"name": "https://github.com/error311/FileRise/releases/tag/v3.10.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/releases/tag/v3.10.0"
}
],
"source": {
"advisory": "GHSA-c2jm-4wp9-5vrh",
"discovery": "UNKNOWN"
},
"title": "FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33329",
"datePublished": "2026-03-24T19:14:42.771Z",
"dateReserved": "2026-03-18T21:23:36.678Z",
"dateUpdated": "2026-03-25T16:20:07.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33072 (GCVE-0-2026-33072)
Vulnerability from cvelistv5 – Published: 2026-03-20 08:31 – Updated: 2026-03-20 18:07
VLAI?
Title
FileRise: Default Encryption Key Enables Token Forgery and Config Decryption
Summary
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key (default_please_change_this_key) is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker to forge upload tokens for arbitrary file upload to shared folders, and to decrypt admin configuration secrets including OIDC client secrets and SMTP passwords. FileRise uses a single key (PERSISTENT_TOKENS_KEY) for all crypto operations. The default value default_please_change_this_key is hardcoded in two places and used unless the deployer explicitly overrides the environment variable. This issue is fixed in version 3.9.0.
Severity ?
8.2 (High)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33072",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T16:04:34.650265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T18:07:22.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-f4xx-57cv-mg3x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003c 3.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key (default_please_change_this_key) is used for all cryptographic operations \u2014 HMAC token generation, AES config encryption, and session tokens \u2014 allowing any unauthenticated attacker to forge upload tokens for arbitrary file upload to shared folders, and to decrypt admin configuration secrets including OIDC client secrets and SMTP passwords. FileRise uses a single key (PERSISTENT_TOKENS_KEY) for all crypto operations. The default value default_please_change_this_key is hardcoded in two places and used unless the deployer explicitly overrides the environment variable. This issue is fixed in version 3.9.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T08:31:08.452Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-f4xx-57cv-mg3x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-f4xx-57cv-mg3x"
},
{
"name": "https://github.com/error311/FileRise/releases/tag/v3.9.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/releases/tag/v3.9.0"
}
],
"source": {
"advisory": "GHSA-f4xx-57cv-mg3x",
"discovery": "UNKNOWN"
},
"title": "FileRise: Default Encryption Key Enables Token Forgery and Config Decryption"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33072",
"datePublished": "2026-03-20T08:31:08.452Z",
"dateReserved": "2026-03-17T19:27:06.344Z",
"dateUpdated": "2026-03-20T18:07:22.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33071 (GCVE-0-2026-33071)
Vulnerability from cvelistv5 – Published: 2026-03-20 08:27 – Updated: 2026-03-20 21:21
VLAI?
Title
FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads
Summary
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In non-default deployments lacking Apache's LocationMatch protection, this leads to remote code execution. When files are uploaded via WebDAV, the createFile() method in FileRiseDirectory.php and the put() method in FileRiseFile.php accept the filename directly from the WebDAV client without any validation. In contrast, the regular upload endpoint in UploadModel::upload() validates filenames against REGEX_FILE_NAME. This issue is fixed in version 3.8.0.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33071",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T21:20:54.065285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T21:21:06.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003c 3.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In non-default deployments lacking Apache\u0027s LocationMatch protection, this leads to remote code execution. When files are uploaded via WebDAV, the createFile() method in FileRiseDirectory.php and the put() method in FileRiseFile.php accept the filename directly from the WebDAV client without any validation. In contrast, the regular upload endpoint in UploadModel::upload() validates filenames against REGEX_FILE_NAME. This issue is fixed in version 3.8.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T08:27:37.149Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-46gv-gf5f-wvr2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-46gv-gf5f-wvr2"
},
{
"name": "https://github.com/error311/FileRise/releases/tag/v3.8.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/releases/tag/v3.8.0"
}
],
"source": {
"advisory": "GHSA-46gv-gf5f-wvr2",
"discovery": "UNKNOWN"
},
"title": "FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33071",
"datePublished": "2026-03-20T08:27:37.149Z",
"dateReserved": "2026-03-17T19:27:06.344Z",
"dateUpdated": "2026-03-20T21:21:06.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33070 (GCVE-0-2026-33070)
Vulnerability from cvelistv5 – Published: 2026-03-20 08:25 – Updated: 2026-03-25 13:49
VLAI?
Title
FileRise has Unauthenticated Share Link Deletion
Summary
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to shared file access. The POST /api/file/deleteShareLink.php endpoint calls FileController::deleteShareLink() which performs no authentication, authorization, or CSRF validation before deleting a share link. Any anonymous HTTP client can destroy share links. This issue is fixed in version 3.8.0.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33070",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:48:12.773800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:49:07.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003c 3.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to shared file access. The POST /api/file/deleteShareLink.php endpoint calls FileController::deleteShareLink() which performs no authentication, authorization, or CSRF validation before deleting a share link. Any anonymous HTTP client can destroy share links. This issue is fixed in version 3.8.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T08:25:07.081Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-vh5m-w36c-99xv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-vh5m-w36c-99xv"
},
{
"name": "https://github.com/error311/FileRise/releases/tag/v3.8.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/releases/tag/v3.8.0"
}
],
"source": {
"advisory": "GHSA-vh5m-w36c-99xv",
"discovery": "UNKNOWN"
},
"title": "FileRise has Unauthenticated Share Link Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33070",
"datePublished": "2026-03-20T08:25:07.081Z",
"dateReserved": "2026-03-17T19:27:06.343Z",
"dateUpdated": "2026-03-25T13:49:07.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25231 (GCVE-0-2026-25231)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:34 – Updated: 2026-02-10 16:01
VLAI?
Title
FileRise affected by an Unauthenticated File Read Due to Insufficient Access Control
Summary
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can guess the file path, without requiring authentication. As a result, sensitive data could be exposed, and privacy may be breached. This vulnerability is fixed in 3.3.0.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:39:55.256400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:25.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can guess the file path, without requiring authentication. As a result, sensitive data could be exposed, and privacy may be breached. This vulnerability is fixed in 3.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:34:36.858Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-hv99-77cw-hvpr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-hv99-77cw-hvpr"
},
{
"name": "https://github.com/error311/FileRise/releases/tag/v3.3.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/releases/tag/v3.3.0"
}
],
"source": {
"advisory": "GHSA-hv99-77cw-hvpr",
"discovery": "UNKNOWN"
},
"title": "FileRise affected by an Unauthenticated File Read Due to Insufficient Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25231",
"datePublished": "2026-02-09T18:34:36.858Z",
"dateReserved": "2026-01-30T14:44:47.328Z",
"dateUpdated": "2026-02-10T16:01:25.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25230 (GCVE-0-2026-25230)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:32 – Updated: 2026-02-10 16:01
VLAI?
Title
FileRise affected by HTML Injection using color property in file tags
Summary
FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is fixed in 3.3.0.
Severity ?
4.6 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:30:28.186509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:32.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is fixed in 3.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:33:36.297Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-h8fw-42v6-gfhv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-h8fw-42v6-gfhv"
},
{
"name": "https://github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fc88/src/controllers/FileController.php#L4016-L4058",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fc88/src/controllers/FileController.php#L4016-L4058"
},
{
"name": "https://github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fc88/src/models/FileModel.php#L3146",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fc88/src/models/FileModel.php#L3146"
},
{
"name": "https://github.com/error311/FileRise/releases/tag/v3.3.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/releases/tag/v3.3.0"
}
],
"source": {
"advisory": "GHSA-h8fw-42v6-gfhv",
"discovery": "UNKNOWN"
},
"title": "FileRise affected by HTML Injection using color property in file tags"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25230",
"datePublished": "2026-02-09T18:32:09.795Z",
"dateReserved": "2026-01-30T14:44:47.328Z",
"dateUpdated": "2026-02-10T16:01:32.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68116 (GCVE-0-2025-68116)
Vulnerability from cvelistv5 – Published: 2025-12-16 16:43 – Updated: 2025-12-16 21:38
VLAI?
Title
FileRise vulnerable to Cross-Site Scripting (XSS) in SVG File Handling
Summary
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG (primary) or HTML (secondary) file stored in a FileRise instance can cause JavaScript execution when a victim opens a generated share link (and in some cases via the direct download endpoint). This impacts share links (`/api/file/share.php`) and direct file access / download path (`/api/file/download.php`), depending on browser/content-type behavior. Version 2.7.1 fixes the issue.
Severity ?
8.9 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68116",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T21:37:55.472450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T21:38:03.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003c 2.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG (primary) or HTML (secondary) file stored in a FileRise instance can cause JavaScript execution when a victim opens a generated share link (and in some cases via the direct download endpoint). This impacts share links (`/api/file/share.php`) and direct file access / download path (`/api/file/download.php`), depending on browser/content-type behavior. Version 2.7.1 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:43:30.338Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-35pp-ggh6-c59c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-35pp-ggh6-c59c"
}
],
"source": {
"advisory": "GHSA-35pp-ggh6-c59c",
"discovery": "UNKNOWN"
},
"title": "FileRise vulnerable to Cross-Site Scripting (XSS) in SVG File Handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68116",
"datePublished": "2025-12-16T16:43:30.338Z",
"dateReserved": "2025-12-15T16:16:22.744Z",
"dateUpdated": "2025-12-16T21:38:03.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66403 (GCVE-0-2025-66403)
Vulnerability from cvelistv5 – Published: 2025-12-01 22:20 – Updated: 2025-12-02 14:10
VLAI?
Title
FileRise Vulnerable to Stored XSS via SVG Upload
Summary
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting (XSS) vulnerability exists in the Filerise application due to improper handling of uploaded SVG files. The application accepts user-supplied SVG uploads without sanitizing or restricting embedded script content. When a malicious SVG containing inline JavaScript or event-based payloads is uploaded, it is later rendered directly in the browser whenever viewed within the application. Because SVGs are XML-based and allow scripting, they execute in the origin context of the application, enabling full stored XSS. This vulnerability is fixed in 2.2.3.
Severity ?
4.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:10:00.593516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:10:15.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003c 2.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting (XSS) vulnerability exists in the Filerise application due to improper handling of uploaded SVG files. The application accepts user-supplied SVG uploads without sanitizing or restricting embedded script content. When a malicious SVG containing inline JavaScript or event-based payloads is uploaded, it is later rendered directly in the browser whenever viewed within the application. Because SVGs are XML-based and allow scripting, they execute in the origin context of the application, enabling full stored XSS. This vulnerability is fixed in 2.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:20:56.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-qrcv-vjvf-fr29",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-qrcv-vjvf-fr29"
},
{
"name": "https://github.com/error311/FileRise/commit/f2ce43f18f0444f8f63f7c33758d1837dd5ba91e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/commit/f2ce43f18f0444f8f63f7c33758d1837dd5ba91e"
}
],
"source": {
"advisory": "GHSA-qrcv-vjvf-fr29",
"discovery": "UNKNOWN"
},
"title": "FileRise Vulnerable to Stored XSS via SVG Upload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66403",
"datePublished": "2025-12-01T22:20:56.602Z",
"dateReserved": "2025-11-28T23:33:56.364Z",
"dateUpdated": "2025-12-02T14:10:15.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62510 (GCVE-0-2025-62510)
Vulnerability from cvelistv5 – Published: 2025-10-20 17:39 – Updated: 2025-10-20 18:04
VLAI?
Title
FileRise insecure folder visibility via name-based mapping and incomplete ACL checks
Summary
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some cases, other users’ content. This issue has been patched in version 1.5.0, where it introduces explicit per-folder ACLs (owners/read/write/share/read_own) and strict server-side checks across list, read, write, share, rename, copy/move, zip, and WebDAV paths.
Severity ?
8.1 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T18:03:49.137606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T18:04:16.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "= 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some cases, other users\u2019 content. This issue has been patched in version 1.5.0, where it introduces explicit per-folder ACLs (owners/read/write/share/read_own) and strict server-side checks across list, read, write, share, rename, copy/move, zip, and WebDAV paths."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T17:39:10.115Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-jm96-2w52-5qjj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-jm96-2w52-5qjj"
},
{
"name": "https://github.com/error311/FileRise/issues/55",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/issues/55"
},
{
"name": "https://github.com/error311/FileRise/commit/b6d86b78967baa2f5a1e191903fc4df13998d87f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/commit/b6d86b78967baa2f5a1e191903fc4df13998d87f"
}
],
"source": {
"advisory": "GHSA-jm96-2w52-5qjj",
"discovery": "UNKNOWN"
},
"title": "FileRise insecure folder visibility via name-based mapping and incomplete ACL checks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62510",
"datePublished": "2025-10-20T17:39:10.115Z",
"dateReserved": "2025-10-15T15:03:28.133Z",
"dateUpdated": "2025-10-20T18:04:16.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62509 (GCVE-0-2025-62509)
Vulnerability from cvelistv5 – Published: 2025-10-20 17:38 – Updated: 2025-10-20 18:05
VLAI?
Title
FileRise improper ownership/permission validation allowed cross-tenant file operations
Summary
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users. The root cause was inferring ownership/visibility from folder names (e.g., a folder named after a username) and missing server-side authorization/ownership checks across file operation endpoints. This amounted to an IDOR pattern: an attacker could operate on resources identified only by predictable names. This issue has been patched in version 1.4.0 and further hardened in version 1.5.0. A workaround for this issue involves restricting non-admin users to read-only or disable delete/rename APIs server-side, avoid creating top-level folders named after other usernames, and adding server-side checks that verify ownership before delete/rename/move.
Severity ?
8.1 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T18:05:40.943528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T18:05:53.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise\u2019s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users. The root cause was inferring ownership/visibility from folder names (e.g., a folder named after a username) and missing server-side authorization/ownership checks across file operation endpoints. This amounted to an IDOR pattern: an attacker could operate on resources identified only by predictable names. This issue has been patched in version 1.4.0 and further hardened in version 1.5.0. A workaround for this issue involves restricting non-admin users to read-only or disable delete/rename APIs server-side, avoid creating top-level folders named after other usernames, and adding server-side checks that verify ownership before delete/rename/move."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T17:38:49.999Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-6p87-q9rh-95wh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-6p87-q9rh-95wh"
},
{
"name": "https://github.com/error311/FileRise/issues/53",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/issues/53"
},
{
"name": "https://github.com/error311/FileRise/commit/25ce6a76beb60950359c0304765ad91a8aff8ad8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/commit/25ce6a76beb60950359c0304765ad91a8aff8ad8"
}
],
"source": {
"advisory": "GHSA-6p87-q9rh-95wh",
"discovery": "UNKNOWN"
},
"title": "FileRise improper ownership/permission validation allowed cross-tenant file operations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62509",
"datePublished": "2025-10-20T17:38:49.999Z",
"dateReserved": "2025-10-15T15:03:28.133Z",
"dateUpdated": "2025-10-20T18:05:53.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}