8.4
CVE-2025-5964
- EPSS 10.34%
- Veröffentlicht 15.06.2025 19:42:24
- Zuletzt bearbeitet 23.02.2026 11:16:21
- Quelle security@m-files.com
- CVE-Watchlists
- Unerledigt
Path traversal in M-Files API
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
M-files ≫ M-files Server SwEditionlts Version < 24.8.13981.16
M-files ≫ M-files Server SwEditionlts Version >= 25.2.14524.3 < 25.2.14524.9
M-files ≫ M-files Server SwEdition- Version >= 25.3.14681.7 < 25.6.14925.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.34% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security@m-files.com | 8.4 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Green
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://product.m-files.com/security-advisories/cve-2025-5964
https://empower.m-files.com/security-advisories/CVE-2025-5964