CVE-2025-53893

HIGH EPSS 26.7%

Published Jul 15, 202511mo ago · Modified Jun 17, 20261w ago

7.7 CVSS 4.0

High

Published Jul 15, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulnerability exists in the file processing logic when reading a file on endpoint `Filebrowser-Server-IP:PORT/files/{file-name}` . While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations without size checks or resource limits. This allows an authenticated user to upload a large file and trigger uncontrolled memory consumption on read, potentially crashing the server and making it unresponsive. As of time of publication, no known patches are available.

CVSS Details

Base Score

7.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

26.7% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-400 Uncontrolled Resource Consumption Resource Mgmt

CWE-789

Affected Products 1

Vendor	Product	Version	Range
filebrowser	filebrowser	2.38.0	any

References 2

github.com https://github.com/filebrowser/filebrowser/issues/5294

Issue Tracking
github.com https://github.com/filebrowser/filebrowser/security/advisories/GHSA-7xqm-7738-642x

ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.