CVE-2025-52996

Medienbericht

Exploit

EPSS 0.05%
Veröffentlicht 30.06.2025 19:58:33
Zuletzt bearbeitet 04.08.2025 18:15:35
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file through a direct download link. This link can either be shared unknowingly by a user or discovered from various locations such as the browser history or the log of a proxy server used. At time of publication, no known patched versions are available.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Filebrowser ≫ Filebrowser Version <= 2.32.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.14

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
security-advisories@github.com	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

https://www.sba-research.org/2025/07/24/sba-security-advisory-filebrowser-password-protection-of-links-bypassable-cve-2025-52996/

Medienbericht

SBA Research

09.08.2025 11:36

https://github.com/filebrowser/filebrowser/security/advisories/GHSA-3v48-283x-f2w4

Vendor Advisory

Exploit

https://github.com/filebrowser/filebrowser/issues/5239

Issue Tracking

https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250327-02_Filebrowser_Password_Protection_Of_Links_Bypassable

https://nvd.nist.gov/vuln/detail/CVE-2025-52996

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-52996

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-52996

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-52996