CVE-2025-52997

Medienbericht

Exploit

EPSS 0.47%
Veröffentlicht 30.06.2025 20:15:25
Zuletzt bearbeitet 04.08.2025 18:15:35
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

File Browser Insecurely Handles Passwords

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a brute-force attack to retrieve the passwords of all accounts in a given instance. This issue has been patched in version 2.34.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Filebrowser ≫ Filebrowser Version < 2.34.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.371

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

09.08.2025 11:36

https://github.com/filebrowser/filebrowser/commit/bf37f88c32222ad9c186482bb97338a9c9b4a93c

Patch

https://github.com/filebrowser/filebrowser/security/advisories/GHSA-cm2r-rg7r-p7gg

Vendor Advisory

Exploit

https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250327-01_Filebrowser_Insecure_Password_Handling

https://nvd.nist.gov/vuln/detail/CVE-2025-52997

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-52997

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-52997

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-52997